CVE-2025-22064
📋 TL;DR
A Linux kernel vulnerability in the netfilter nf_tables subsystem where error handling incorrectly unregisters hooks when a table is dormant (inactive). This can cause kernel instability or crashes when modifying firewall rules. Affects Linux systems using nf_tables for packet filtering.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, potentially disrupting network connectivity and system availability.
Likely Case
System instability or crash when administrators modify nf_tables rules, causing temporary service disruption.
If Mitigated
Minimal impact if systems don't use nf_tables or have limited rule modifications.
🎯 Exploit Status
Exploitation requires ability to modify nf_tables rules, typically requiring root or CAP_NET_ADMIN privileges. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/03d1fb457b696c18fe15661440c4f052b2374e7e
Restart Required: Yes
Instructions:
1. Update the Linux kernel to the patched version from your distribution vendor.
2. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable nf_tables
Switch to iptables legacy mode if nf_tables is not required:
modprobe -r nf_tables
systemctl restart iptables
Note: modprobe -r refuses to unload nf_tables while other modules that depend on it (for example those pulled in by the iptables-nft backend or by expressions in loaded rules) are still in use, so flush the ruleset and remove those first; and make sure the iptables binary on the system is the legacy variant before restarting the service, otherwise the restart loads nf_tables again.
Limit nf_tables modifications
Restrict who can modify firewall rules to minimize trigger conditions
🧯 If You Can't Patch
- Restrict firewall rule modifications to essential changes only
- Monitor system logs for kernel panic or crash events related to nf_tables
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether the nf_tables module is loaded: lsmod | grep nf_tables
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated beyond patched commits and system remains stable during rule modifications
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- System crash dumps
- nf_tables error messages in dmesg
Network Indicators:
- Sudden loss of firewall rules
- Unexpected network connectivity changes
SIEM Query:
search 'kernel panic' OR 'nf_tables' OR 'system crash' in system logs
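As an added example (not part of this advisory), a POSIX shell helper that automates the verification and detection checks above: it reports whether nf_tables is loaded, prints the running kernel release, and filters kernel log lines for the indicators listed. The log lines embedded in it are constructed samples, not real kernel output.

```shell
#!/bin/sh
# Helper for the "How to Verify" and "Detection & Monitoring" steps.
# Added example; the sample log below is constructed, not real output.

# Return 0 if nf_tables is loaded. /proc/modules is the same data that
# `lsmod` prints; returns 1 if the file is unreadable.
nft_loaded() {
    [ -r /proc/modules ] && grep -q '^nf_tables ' /proc/modules
}

# Running kernel release, as `uname -r` prints it.
kernel_release() {
    uname -r
}

# Regex for the advisory's log indicators: nf_tables messages, kernel
# panics and crash dumps. Used case-insensitively.
NFT_INDICATOR_RE='nf_tables|nft_|kernel panic|crash dump|kdump'

# Print the log lines (from stdin) that match an indicator.
nft_indicator_lines() {
    grep -iE "$NFT_INDICATOR_RE" || true
}

# Count matching lines (from stdin); prints 0 instead of failing when
# nothing matches, so it is safe under `set -e`.
count_nft_indicators() {
    grep -ciE "$NFT_INDICATOR_RE" || true
}

# Scan the live kernel log when available (dmesg may require root).
scan_kernel_log() {
    if command -v dmesg >/dev/null 2>&1; then
        dmesg 2>/dev/null | nft_indicator_lines
    elif command -v journalctl >/dev/null 2>&1; then
        journalctl -k --no-pager 2>/dev/null | nft_indicator_lines
    fi
}

# Constructed sample log lines for an offline demonstration.
SAMPLE_LOG=$(cat <<'EOF'
[   42.100] nf_tables: error while unregistering hooks on dormant table (constructed)
[   42.101] eth0: link up
[   43.000] Kernel panic - not syncing: fatal exception in interrupt (constructed)
[   43.001] sshd[1234]: accepted connection
[   50.000] kdump: saving vmcore (constructed)
EOF
)

printf 'kernel %s, nf_tables loaded: %s\n' "$(kernel_release)" "$(nft_loaded && echo yes || echo no)"
printf '%s\n' "$SAMPLE_LOG" | nft_indicator_lines
```

Run scan_kernel_log on a live host to apply the same filter to the real kernel ring buffer.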
🔗 References
- https://git.kernel.org/stable/c/03d1fb457b696c18fe15661440c4f052b2374e7e
- https://git.kernel.org/stable/c/6134d1ea1e1408e8e7c8c26545b3b301cbdf1eda
- https://git.kernel.org/stable/c/688c15017d5cd5aac882400782e7213d40dc3556
- https://git.kernel.org/stable/c/ce571eba07d54e3637bf334bc48376fbfa55defe
- https://git.kernel.org/stable/c/feb1fa2a03a27fec7001e93e4223be4120d1784b