Multicast Query Vulnerability in Linux Kernel Network Bridge Module
CVE-2025-39773
What is CVE-2025-39773?
A vulnerability exists in the Linux kernel's network bridge module, in the code that sends multicast queries. When multicast_query_interval is set to an excessively high value, the local 'time' variable in br_multicast_send_query() can overflow. The overflow may cause the timer to expire prematurely, creating a loop that results in a soft lockup. System administrators should be aware of this issue, as it can significantly impact system performance and stability.
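The premature expiry described above can be reproduced in user space. The following is an added example, not kernel code and not taken from the fix: it models a timer deadline as "now + interval" in unsigned long arithmetic and compares it with a wrap-safe signed difference in the style of the kernel's time_after(). The function names and the MAX_INTERVAL_TICKS bound are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical upper bound chosen for this example only. */
#define MAX_INTERVAL_TICKS (24UL * 60 * 60 * 100)

/* Wrap-safe "a is later than b", same idea as the kernel's time_after(). */
static bool later_than(unsigned long a, unsigned long b)
{
    return (long)(b - a) < 0;
}

/* Deadline computed the way the description implies: now + interval. */
static unsigned long compute_expiry(unsigned long now, unsigned long interval)
{
    return now + interval; /* unsigned wrap-around is well defined */
}

/* True when a timer armed with this deadline is already due. */
static bool expiry_already_due(unsigned long now, unsigned long interval)
{
    return !later_than(compute_expiry(now, interval), now);
}

/* Mitigation sketch: refuse intervals above a sane bound before use. */
static unsigned long bounded_interval(unsigned long interval)
{
    return interval > MAX_INTERVAL_TICKS ? MAX_INTERVAL_TICKS : interval;
}

int main(void)
{
    unsigned long now = ULONG_MAX - 100;             /* constructed: clock near wrap */
    unsigned long sane = 12500;                      /* constructed sample interval */
    unsigned long huge = (unsigned long)LONG_MAX + 2; /* constructed oversized value */

    printf("sane interval due at once:    %d\n", expiry_already_due(now, sane));
    printf("huge interval due at once:    %d\n", expiry_already_due(now, huge));
    printf("bounded huge due at once:     %d\n",
           expiry_already_due(now, bounded_interval(huge)));
    return 0;
}
```

An interval larger than LONG_MAX ticks makes the deadline compare as being in the past, so the timer handler would run immediately and re-arm itself with the same deadline.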
Affected Version(s)
Linux d902eee43f1951b358d7347d9165c6af21cf7b1b < 34171b9e53bd1dc264f5556579f2b04f04435c73
Linux d902eee43f1951b358d7347d9165c6af21cf7b1b < 43e281fde5e76a866a4d10780c35023f16c0e432
Linux d902eee43f1951b358d7347d9165c6af21cf7b1b < 96476b043efb86a94f2badd260f7f99c97bd5893