CVE-2025-38678: Improper Input Validation in Linux

Severity: 5.5 MEDIUM (NVD); OSV 7.8, OSV 7.1, OSV 3.2
EPSS: 0.0% (top 92.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 3
Latest update: Jan 9

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: reject duplicate device on updates

A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is found, leaving unregistered the hook of the duplicated device.

Check if a duplicated device exists in the transaction batch, bail out with EEXIST in such case.

WARNING is hit when unregistering the hook: [49042.221275]

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 13 packages

Patches

Vulnerability Details (27)

OSV: linux-azure-nvidia vulnerabilities (2026-01-09)
OSV: linux-azure-fips vulnerabilities (2025-12-17)
OSV: linux-azure-5.15 vulnerabilities (2025-12-16)
OSV: linux-raspi, linux-raspi-realtime, linux-xilinx vulnerabilities (2025-12-16)
OSV: linux-raspi vulnerabilities (2025-12-15)

Vendor Advisories (25)

Ubuntu: Linux kernel (Azure, N-Series) vulnerabilities (2026-01-09)
Ubuntu: Linux kernel (Azure FIPS) vulnerabilities (2025-12-17)
Ubuntu: Linux kernel vulnerabilities (2025-12-16)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-12-16)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-12-15)