PT-2025-31069 · Linux+9 · Linux Kernel+9
Published: 2025-07-16 · Updated: 2026-04-20 · CVE-2025-38472
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A crash was reported in the conntrack component of the Linux kernel, caused by the removal of an uninitialized entry. The issue occurs when an expired conntrack entry is deleted from the hash bucket list, potentially leading to a crash within the nf_ct_delete_from_lists function. The root cause is a race condition in which a conntrack entry can be re-initialized while it is still being referenced, leaving it in a partially initialized state with an incorrect hash value. This can occur when a CPU finds an expired entry, another CPU preempts it, and the entry is re-initialized before the first CPU can complete the deletion process. The fix moves the assignment of the IPS_CONFIRMED flag to after the table insertion and before the unlock, and modifies nf_ct_should_gc() to check the confirmed bit first.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Use of Uninitialized Resource
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu