CVE-2025-22064
netfilter: nf_tables: don't unregister hook when table is dormant
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
16 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: don't unregister hook when table is dormant
When nf_tables_updchain encounters an error, hook registration needs to
be rolled back.
This should only be done if the hook has been registered, which won't
happen when the table is flagged as dormant (inactive).
Just move the assignment into the registration block.
Affected products
Linux · LinuxReferences
https://git.kernel.org/stable/c/03d1fb457b696c18fe15661440c4f052b2374e7ehttps://git.kernel.org/stable/c/6134d1ea1e1408e8e7c8c26545b3b301cbdf1edahttps://git.kernel.org/stable/c/688c15017d5cd5aac882400782e7213d40dc3556https://git.kernel.org/stable/c/ce571eba07d54e3637bf334bc48376fbfa55defehttps://git.kernel.org/stable/c/feb1fa2a03a27fec7001e93e4223be4120d1784b