CVE Vulnerability Details: CVE-2025-21959
PUBLISHED
Assigner: Linux
Assigner Org ID: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 01 Apr, 2025 | 15:46
Updated At: 23 May, 2026 | 15:57
▼CVE Numbering Authority (CNA)
netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()

Since commit b36e4523d4d5 ("netfilter: nf_conncount: fix garbage collection confirm race"), `cpu` and `jiffies32` were introduced to the struct nf_conncount_tuple.

The commit made nf_conncount_add() initialize `conn->cpu` and `conn->jiffies32` when allocating the struct. In contrast, count_tree() was not changed to initialize them.

By commit 34848d5c896e ("netfilter: nf_conncount: Split insert and traversal"), count_tree() was split and the relevant allocation code now resides in insert_tree(). Initialize `conn->cpu` and `conn->jiffies32` in insert_tree().

BUG: KMSAN: uninit-value in find_or_evict net/netfilter/nf_conncount.c:117 [inline]
BUG: KMSAN: uninit-value in __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143
 find_or_evict net/netfilter/nf_conncount.c:117 [inline]
 __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143
 count_tree net/netfilter/nf_conncount.c:438 [inline]
 nf_conncount_count+0x82f/0x1e80 net/netfilter/nf_conncount.c:521
 connlimit_mt+0x7f6/0xbd0 net/netfilter/xt_connlimit.c:72
 __nft_match_eval net/netfilter/nft_compat.c:403 [inline]
 nft_match_eval+0x1a5/0x300 net/netfilter/nft_compat.c:433
 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]
 nft_do_chain+0x426/0x2290 net/netfilter/nf_tables_core.c:288
 nft_do_chain_ipv4+0x1a5/0x230 net/netfilter/nft_chain_filter.c:23
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626
 nf_hook_slow_list+0x24d/0x860 net/netfilter/core.c:663
 NF_HOOK_LIST include/linux/netfilter.h:350 [inline]
 ip_sublist_rcv+0x17b7/0x17f0 net/ipv4/ip_input.c:633
 ip_list_rcv+0x9ef/0xa40 net/ipv4/ip_input.c:669
 __netif_receive_skb_list_ptype net/core/dev.c:5936 [inline]
 __netif_receive_skb_list_core+0x15c5/0x1670 net/core/dev.c:5983
 __netif_receive_skb_list net/core/dev.c:6035 [inline]
 netif_receive_skb_list_internal+0x1085/0x1700 net/core/dev.c:6126
 netif_receive_skb_list+0x5a/0x460 net/core/dev.c:6178
 xdp_recv_frames net/bpf/test_run.c:280 [inline]
 xdp_test_run_batch net/bpf/test_run.c:361 [inline]
 bpf_test_run_xdp_live+0x2e86/0x3480 net/bpf/test_run.c:390
 bpf_prog_test_run_xdp+0xf1d/0x1ae0 net/bpf/test_run.c:1316
 bpf_prog_test_run+0x5e5/0xa30 kernel/bpf/syscall.c:4407
 __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5813
 __do_sys_bpf kernel/bpf/syscall.c:5902 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5900 [inline]
 __ia32_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5900
 ia32_sys_call+0x394d/0x4180 arch/x86/include/generated/asm/syscalls_32.h:358
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0xb0/0x110 arch/x86/entry/common.c:387
 do_fast_syscall_32+0x38/0x80 arch/x86/entry/common.c:412
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:450
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4121 [inline]
 slab_alloc_node mm/slub.c:4164 [inline]
 kmem_cache_alloc_noprof+0x915/0xe10 mm/slub.c:4171
 insert_tree net/netfilter/nf_conncount.c:372 [inline]
 count_tree net/netfilter/nf_conncount.c:450 [inline]
 nf_conncount_count+0x1415/0x1e80 net/netfilter/nf_conncount.c:521
 connlimit_mt+0x7f6/0xbd0 net/netfilter/xt_connlimit.c:72
 __nft_match_eval net/netfilter/nft_compat.c:403 [inline]
 nft_match_eval+0x1a5/0x300 net/netfilter/nft_compat.c:433
 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]
 nft_do_chain+0x426/0x2290 net/netfilter/nf_tables_core.c:288
 nft_do_chain_ipv4+0x1a5/0x230 net/netfilter/nft_chain_filter.c:23
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626
 nf_hook_slow_list+0x24d/0x860 net/netfilter/core.c:663
 NF_HOOK_LIST include/linux/netfilter.h:350 [inline]
 ip_sublist_rcv+0x17b7/0x17f0 net/ipv4/ip_input.c:633
 ip_list_rcv+0x9ef/0xa40 net/ip ---truncated---

Affected Products
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/netfilter/nf_conncount.c
Default Status
unaffected
Versions
Affected
  • From b36e4523d4d56e2595e28f16f6ccf1cd6a9fc452 before f522229c5563b59b4240261e406779bba6754159 (git)
  • From b36e4523d4d56e2595e28f16f6ccf1cd6a9fc452 before 2a154ce766b995494e88d8d117fa82cc6b73dd87 (git)
  • From b36e4523d4d56e2595e28f16f6ccf1cd6a9fc452 before e8544a5a97bee3674e7cd6bf0f3a4af517fa9146 (git)
  • From b36e4523d4d56e2595e28f16f6ccf1cd6a9fc452 before a62a25c6ad58fae997f48a0749afeda1c252ae51 (git)
  • From b36e4523d4d56e2595e28f16f6ccf1cd6a9fc452 before fda50302a13701d47fbe01e1739c7a51114144fb (git)
  • From b36e4523d4d56e2595e28f16f6ccf1cd6a9fc452 before db1e0c0856821c59a32ea3af79476bf20a6beeb2 (git)
  • From b36e4523d4d56e2595e28f16f6ccf1cd6a9fc452 before 2db5baaf047a7c8d6ed5e2cc657b7854e155b7fc (git)
  • From b36e4523d4d56e2595e28f16f6ccf1cd6a9fc452 before d653bfeb07ebb3499c403404c21ac58a16531607 (git)
  • 75af3d78168e654a5cd8bbc4c774f97be836165f (git)
  • From 4.14.92 before 4.15 (semver)
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/netfilter/nf_conncount.c
Default Status
affected
Versions
Affected
  • 4.18
Unaffected
  • From 0 before 4.18 (semver)
  • From 5.4.292 through 5.4.* (semver)
  • From 5.10.236 through 5.10.* (semver)
  • From 5.15.180 through 5.15.* (semver)
  • From 6.1.132 through 6.1.* (semver)
  • From 6.6.84 through 6.6.* (semver)
  • From 6.12.20 through 6.12.* (semver)
  • From 6.13.8 through 6.13.* (semver)
  • From 6.14 through * (original_commit_for_fix)
References
  • https://git.kernel.org/stable/c/f522229c5563b59b4240261e406779bba6754159
  • https://git.kernel.org/stable/c/2a154ce766b995494e88d8d117fa82cc6b73dd87
  • https://git.kernel.org/stable/c/e8544a5a97bee3674e7cd6bf0f3a4af517fa9146
  • https://git.kernel.org/stable/c/a62a25c6ad58fae997f48a0749afeda1c252ae51
  • https://git.kernel.org/stable/c/fda50302a13701d47fbe01e1739c7a51114144fb
  • https://git.kernel.org/stable/c/db1e0c0856821c59a32ea3af79476bf20a6beeb2
  • https://git.kernel.org/stable/c/2db5baaf047a7c8d6ed5e2cc657b7854e155b7fc
  • https://git.kernel.org/stable/c/d653bfeb07ebb3499c403404c21ac58a16531607
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Problem Types
Type: CWE
CWE ID: CWE-908
Description: CWE-908 Use of Uninitialized Resource
Metrics
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2. CVE Program Container
References
  • https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
  • https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html