PT-2025-36262 · Linux+5 · Linux Kernel+5

Published

2025-01-01

·

Updated

2026-04-20

·

CVE-2025-38732

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the Linux kernel's netfilter module, specifically within the nf reject functionality. The issue involves a potential information leak of the destination reference count for loopback packets. Recent patches intended to add a warning when replacing the socket buffer (skb) destination entry revealed this bug. The problem arises because a previous commit did not account for loopback packets, which already have a destination entry attached even at the PRE ROUTING stage. The code incorrectly attempts to set or check the destination entry, leading to the observed warning and potential information disclosure.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

CWE-911

Related Identifiers

AZL-67016
AZL-73935
BDU:2025-15743
CVE-2025-38732
DLA-4327-1
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-AD94-D2EE-F1C3
MGASA-2025-0234
MGASA-2025-0235
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3725-1
SUSE-SU-2025:3751-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu