Linux Kernel Netfilter Vulnerability in Bridge Handling
CVE-2025-39894

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 1 October 2025

What is CVE-2025-39894?

A vulnerability has been identified in the Linux kernel's netfilter bridge handling that can lead to kernel warnings during network packet transmission. Specifically, when broadcast packets are sent to a tap device within a bridge, unexpected behavior may occur if another conntrack entry is added with the same hash. This can trigger warnings due to conflicts in conntrack hash table management. The incorrect handling of already confirmed conntracks can result in unnecessary warnings during the processing of network packets, affecting system stability and performance.

Affected Version(s)

Linux 7c3f28599652acf431a2211168de4a583f30b6d5

Linux 2b1414d5e94e477edff1d2c79030f1d742625ea0

Linux 80cd0487f630b5382734997c3e5e3003a77db315 < 50db11e2bbb635e38e3dd096215580d6adb41fb0


Timeline

  • Vulnerability published

  • Vulnerability Reserved
