CVE-2025-22064

Summary

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: don't unregister hook when table is dormant

When nf_tables_updchain encounters an error, hook registration needs to be rolled back.

This should only be done if the hook has been registered, which won't happen when the table is flagged as dormant (inactive).

Just move the assignment into the registration block.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb9703ed44ffbfba85c103b9de01886a225e14b38 < 6134d1ea1e1408e8e7c8c26545b3b301cbdf1edaaffected
LinuxLinuxb9703ed44ffbfba85c103b9de01886a225e14b38 < feb1fa2a03a27fec7001e93e4223be4120d1784baffected
LinuxLinuxb9703ed44ffbfba85c103b9de01886a225e14b38 < 03d1fb457b696c18fe15661440c4f052b2374e7eaffected
LinuxLinuxb9703ed44ffbfba85c103b9de01886a225e14b38 < ce571eba07d54e3637bf334bc48376fbfa55defeaffected
LinuxLinuxb9703ed44ffbfba85c103b9de01886a225e14b38 < 688c15017d5cd5aac882400782e7213d40dc3556affected
LinuxLinuxd131ce7a319d3bff68d5a9d5509bb22e4ce33946affected
LinuxLinux6.3.3 < 6.4affected
LinuxLinux6.4affected
LinuxLinux0 < 6.4unaffected
LinuxLinux6.6.87 <= 6.6.*unaffected
LinuxLinux6.12.23 <= 6.12.*unaffected
LinuxLinux6.13.11 <= 6.13.*unaffected
LinuxLinux6.14.2 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

References