5.5

CVE-2025-38678

EPSS 0.03%
Veröffentlicht 03.09.2025 13:01:15
Zuletzt bearbeitet 06.12.2025 22:15:51
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

netfilter: nf_tables: reject duplicate device on updates

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: reject duplicate device on updates

A chain/flowtable update with duplicated devices in the same batch is
possible. Unfortunately, netdev event path only removes the first
device that is found, leaving unregistered the hook of the duplicated
device.

Check if a duplicated device exists in the transaction batch, bail out
with EEXIST in such case.

WARNING is hit when unregistering the hook:

 [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150
 [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S                  6.16.0+ #170 PREEMPT(full)
 [...]
 [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

NVD 4 VulnDex Vulnerability Enrichment 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.8 < 6.6.117

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.59

Linux ≫ Linux Kernel Version >= 6.13 < 6.16.2

Linux ≫ Linux Kernel Version6.17 Updaterc1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.081

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/d7615bde541f16517d6790412da6ec46fa8a4c1f

Patch

https://git.kernel.org/stable/c/cf5fb87fcdaaaafec55dcc0dc5a9e15ead343973

Patch

https://git.kernel.org/stable/c/3f358a66a04513311668ea4b40f5064e253d8386

Patch

https://git.kernel.org/stable/c/cf23d531a9d496863aa4c5a0e2f71f0a23f3df3c

Patch

https://git.kernel.org/stable/c/0521e694d5b80899fba8695881a6349f9bc538cb

https://git.kernel.org/stable/c/4681960bc0f4f8bcc782cbf2fd205f48ad314dfd

https://git.kernel.org/stable/c/4ce2a0c3b8497a66cfc25fc7ca3d087258a785d2

https://nvd.nist.gov/vuln/detail/CVE-2025-38678

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38678

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38678

EUVD