5.5 CVE-2025-38678

Enriched by CISA Patch Exploit

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is found, leaving unregistered the hook of the duplicated device. Check if a duplicated device exists in the transaction batch, bail out with EEXIST in such case. WARNING is hit when unregistering the hook: [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150 [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full) [...] [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150
https://nvd.nist.gov/vuln/detail/CVE-2025-38678

References

416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch

https://git.kernel.org/stable/c/0521e694d5b80899fba8695881a6349f9bc538cb
https://git.kernel.org/stable/c/3f358a66a04513311668ea4b40f5064e253d8386 Patch
https://git.kernel.org/stable/c/4681960bc0f4f8bcc782cbf2fd205f48ad314dfd
https://git.kernel.org/stable/c/4ce2a0c3b8497a66cfc25fc7ca3d087258a785d2
https://git.kernel.org/stable/c/cf23d531a9d496863aa4c5a0e2f71f0a23f3df3c Patch
https://git.kernel.org/stable/c/cf5fb87fcdaaaafec55dcc0dc5a9e15ead343973 Patch
https://git.kernel.org/stable/c/d7615bde541f16517d6790412da6ec46fa8a4c1f Patch

AFFECTED (from MITRE)

Vendor	Product	Versions
Linux	Linux	78d9f48f7f44431a25da2b46b3a8812f6ff2b981 < 0521e694d5b80899fba8695881a6349f9bc538cb [affected] 78d9f48f7f44431a25da2b46b3a8812f6ff2b981 < 4681960bc0f4f8bcc782cbf2fd205f48ad314dfd [affected] 78d9f48f7f44431a25da2b46b3a8812f6ff2b981 < 4ce2a0c3b8497a66cfc25fc7ca3d087258a785d2 [affected] 78d9f48f7f44431a25da2b46b3a8812f6ff2b981 < 3f358a66a04513311668ea4b40f5064e253d8386 [affected] 78d9f48f7f44431a25da2b46b3a8812f6ff2b981 < cf23d531a9d496863aa4c5a0e2f71f0a23f3df3c [affected] 78d9f48f7f44431a25da2b46b3a8812f6ff2b981 < d7615bde541f16517d6790412da6ec46fa8a4c1f [affected] 78d9f48f7f44431a25da2b46b3a8812f6ff2b981 < cf5fb87fcdaaaafec55dcc0dc5a9e15ead343973 [affected]
Linux	Linux	5.8 [affected] < 5.8 [unaffected] 5.10.247 ≤ 5.10.* [unaffected] 5.15.197 ≤ 5.15.* [unaffected] 6.1.159 ≤ 6.1.* [unaffected] 6.6.117 ≤ 6.6.* [unaffected] 6.12.59 ≤ 6.12.* [unaffected] 6.16.2 ≤ 6.16.* [unaffected] 6.17 ≤ * [unaffected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe	start	end
Configuration 1
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.8	< 6.6.117
cpe:2.3:o:linux:linux_kernel::::::::	>= 6.7	< 6.12.59
cpe:2.3:o:linux:linux_kernel::::::::	>= 6.13	< 6.16.2
cpe:2.3:o:linux:linux_kernel:6.17:rc1::::::

REMEDIATION

Patch

Url
https://git.kernel.org/stable/c/3f358a66a04513311668ea4b40f5064e253d8386
https://git.kernel.org/stable/c/cf23d531a9d496863aa4c5a0e2f71f0a23f3df3c
https://git.kernel.org/stable/c/cf5fb87fcdaaaafec55dcc0dc5a9e15ead343973
https://git.kernel.org/stable/c/d7615bde541f16517d6790412da6ec46fa8a4c1f

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url
https://github.com/guard-wait/CVE-2025-38678_POC

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee