-
CVE-2025-39894
- EPSS 0.03%
- Veröffentlicht 01.10.2025 08:15:31
- Zuletzt bearbeitet 02.10.2025 19:12:17
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm When send a broadcast packet to a tap device, which was added to a bridge, br_nf_local_in() is called to confirm the conntrack. If another conntrack with the same hash value is added to the hash table, which can be triggered by a normal packet to a non-bridge device, the below warning may happen. ------------[ cut here ]------------ WARNING: CPU: 1 PID: 96 at net/bridge/br_netfilter_hooks.c:632 br_nf_local_in+0x168/0x200 CPU: 1 UID: 0 PID: 96 Comm: tap_send Not tainted 6.17.0-rc2-dirty #44 PREEMPT(voluntary) RIP: 0010:br_nf_local_in+0x168/0x200 Call Trace: <TASK> nf_hook_slow+0x3e/0xf0 br_pass_frame_up+0x103/0x180 br_handle_frame_finish+0x2de/0x5b0 br_nf_hook_thresh+0xc0/0x120 br_nf_pre_routing_finish+0x168/0x3a0 br_nf_pre_routing+0x237/0x5e0 br_handle_frame+0x1ec/0x3c0 __netif_receive_skb_core+0x225/0x1210 __netif_receive_skb_one_core+0x37/0xa0 netif_receive_skb+0x36/0x160 tun_get_user+0xa54/0x10c0 tun_chr_write_iter+0x65/0xb0 vfs_write+0x305/0x410 ksys_write+0x60/0xd0 do_syscall_64+0xa4/0x260 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> ---[ end trace 0000000000000000 ]--- To solve the hash conflict, nf_ct_resolve_clash() try to merge the conntracks, and update skb->_nfct. However, br_nf_local_in() still use the old ct from local variable 'nfct' after confirm(), which leads to this warning. If confirm() does not insert the conntrack entry and return NF_DROP, the warning may also occur. There is no need to reserve the WARN_ON_ONCE, just remove it.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
d00c8b0daf56012f69075e3377da67878c775e4c
Version
7c3f28599652acf431a2211168de4a583f30b6d5
Status
affected
Version <
ccbad4803225eafe0175d3cb19f0d8d73b504a94
Version
2b1414d5e94e477edff1d2c79030f1d742625ea0
Status
affected
Version <
50db11e2bbb635e38e3dd096215580d6adb41fb0
Version
80cd0487f630b5382734997c3e5e3003a77db315
Status
affected
Version <
c47ca77fee9071aa543bae592dd2a384f895c8b6
Version
62e7151ae3eb465e0ab52a20c941ff33bb6332e9
Status
affected
Version <
a74abcf0f09f59daeecf7a3ba9c1d690808b0afe
Version
62e7151ae3eb465e0ab52a20c941ff33bb6332e9
Status
affected
Version <
479a54ab92087318514c82428a87af2d7af1a576
Version
62e7151ae3eb465e0ab52a20c941ff33bb6332e9
Status
affected
Version
cb734975b0ffa688ff6cc0eed463865bf07b6c01
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
6.8
Status
affected
Version <
6.8
Version
0
Status
unaffected
Version <=
5.15.*
Version
5.15.192
Status
unaffected
Version <=
6.1.*
Version
6.1.151
Status
unaffected
Version <=
6.6.*
Version
6.6.105
Status
unaffected
Version <=
6.12.*
Version
6.12.46
Status
unaffected
Version <=
6.16.*
Version
6.16.6
Status
unaffected
Version <=
*
Version
6.17
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.081 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|