PT-2026-4476 · Linux+2 · Linux Kernel+2

Published: 2025-01-01 · Updated: 2026-06-16 · CVE-2025-71160

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel's netfilter module contains an issue in the nf_tables component related to chain validation. The vulnerability can lead to CPU soft lock-ups during nft_chain_validate() processing. The issue arises from unnecessary re-validation of chains when traversing the table graph: chains are validated again even when they have already been checked, and this redundant processing can impact performance and system stability. This is particularly relevant for complex chain structures involving jumps. The validation process also ensures that expressions are called from valid base chains; for example, the masquerade expression is limited to NAT postrouting base chains.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

AZL-75126
AZL-78434
CVE-2025-71160
ECHO-548B-80CE-E027
OESA-2026-2581
USN-8278-1
USN-8278-2
USN-8289-1
USN-8289-2
USN-8296-1
USN-8296-2
USN-8393-1
USN-8440-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu