Linux Kernel Vulnerability in Netfilter Component by The Linux Foundation
CVE-2025-39867

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 23 September 2025

What is CVE-2025-39867?

A null dereference vulnerability has been identified in the Netfilter module of the Linux kernel, specifically within the nft_set_pipapo component. This issue occurs due to an improper check for a null scratch map, which could lead to unexpected behavior when avx2 support is not available. The vulnerability has been addressed by correcting the logic in the check, enhancing the robustness and security of the affected systems. It is crucial for administrators to ensure their Linux kernels are updated to mitigate potential risks associated with this flaw.

Affected Version(s)

Linux 3a2d45819a193daccb36baeb524bf883caa5a363 < 44b2be6d5994ddf07ecc86c01d3279bfa13e9ef6

Linux 610c1e196fc86664869c3265818ece602d2adc58 < 51a321b480d1e753667f6aea497312461563f9fe

Linux d8d871a35ca9ee4881d34995444ed1cb826d01db < 30c1d25b9870d551be42535067d5481668b5e6f3

References

https://git.kernel.org/stable/c/44b2be6d5994ddf07ecc86c01...

https://git.kernel.org/stable/c/51a321b480d1e753667f6aea4...

https://git.kernel.org/stable/c/30c1d25b9870d551be4253506...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Apr 16, 2025

JSON