CVE-2025-39894 — Operation on a Resource after Expiration or Release in Linux
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 97.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 1
Latest update: Apr 9
Description
In the Linux kernel, the following vulnerability has been resolved:
netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm
When sending a broadcast packet to a tap device, which was added to a bridge,
br_nf_local_in() is called to confirm the conntrack. If another conntrack
with the same hash value is added to the hash table, which can be
triggered by a normal packet to a non-bridge device, the below warning
may happen.
------------[ cut here ]------------
WARNING:…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 3 packages
CVEListV5: linux/linux 7c3f28599652acf431a2211168de4a583f30b6d5 — d00c8b0daf56012f69075e3377da67878c775e4c (+7)
Also affects: Debian Linux 11.0
Patches
Vulnerability Details (3)
CVEList
OSV: CVE-2025-39894: In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after conf… (2025-10-01)
GHSA: GHSA-rq7c-gx2v-c384: In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after con… (2025-10-01)