CVE-2025-38721
📋 TL;DR
A reference count leak in the Linux kernel's netfilter ctnetlink component prevents proper cleanup of connection tracking objects. This can cause kernel memory exhaustion and potentially block network namespace dismantling or module unloading. Systems running vulnerable Linux kernel versions with netfilter enabled are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory exhaustion leading to system instability, inability to unload netfilter modules, and potential denial of service through resource starvation.
Likely Case
Gradual memory leak that may cause performance degradation over time, particularly on systems with high connection tracking activity.
If Mitigated
Minimal impact if systems are regularly rebooted or have memory monitoring in place to detect leaks.
🎯 Exploit Status
Exploitation requires triggering specific netfilter operations; the vulnerability was discovered through selftest loops rather than active exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing fixes from git commits: 19b909a4b1452fb97e477d2f08b97f8d04095619, 30cf811058552b8cd0e98dff677ef3f89d6d34ce, 41462f4cfc583513833f87f9ee55d12da651a7e3, 586892e341fbf698e7cbaca293e1353957db725a, 962518c6ca9f9a13df099cafa429f72f68ad61f0
Vendor Advisory: https://git.kernel.org/stable/c/19b909a4b1452fb97e477d2f08b97f8d04095619
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits.
2. Check your distribution's security advisories for backported patches.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Disable connection tracking if not needed
Linux
If connection tracking is not required for your use case, disabling it eliminates the vulnerability.
modprobe -r nf_conntrack
echo 'blacklist nf_conntrack' > /etc/modprobe.d/blacklist-conntrack.conf
Note that modprobe -r fails while other modules (for example nf_nat or xt_conntrack) still depend on nf_conntrack, and a blacklist entry only stops alias-based automatic loading; the module is still loaded when requested by name or as a dependency of a firewall rule set. To block loading entirely, use an install directive such as install nf_conntrack /bin/false in the same modprobe.d file.
🧯 If You Can't Patch
- Implement regular system reboots to clear accumulated memory leaks
- Monitor kernel memory usage and connection tracking table size for abnormal growth
🔍 How to Verify
Check if Vulnerable:
Check the running kernel version and confirm whether it contains the vulnerable code, either by inspecting the netfilter ctnetlink source for the fix commits or by consulting your distribution's security advisories.
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel includes the fix commits, or confirm that connection tracking objects are released as expected when a network namespace is dismantled (the nf_conntrack count should drop back after the namespace is destroyed).
📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- High memory usage in kernel space
- nf_conntrack table size growing abnormally
Network Indicators:
- Degradation in network performance due to kernel resource exhaustion
SIEM Query:
kernel: ("nf_conntrack_cleanup_net_list" OR "conntrack") AND ("memory" OR "oom")
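The two monitoring items above, conntrack table growth and conntrack-related memory or OOM messages in the kernel log, as a POSIX shell example added here; it is not part of the advisory or of the kernel project. The procfs paths are the standard nf_conntrack sysctls; the function names, thresholds and the sample kernel log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): monitoring helpers for the
# indicators listed under Detection & Monitoring. All names, thresholds
# and the sample log lines below are assumptions made for this example.

# conntrack_usage_pct COUNT MAX -> prints the percentage of the conntrack
# table in use. On a live host the two values come from
# /proc/sys/net/netfilter/nf_conntrack_count and nf_conntrack_max.
conntrack_usage_pct() {
    count="$1"
    max="$2"
    [ "$max" -gt 0 ] || { echo 0; return 1; }
    echo $(( count * 100 / max ))
}

# conntrack_growth_alert PREV CUR MAX THRESHOLD_PCT -> exit 0 (alert) when
# the table grew between two samples AND is above THRESHOLD_PCT of
# nf_conntrack_max; exit 1 otherwise. A leak that survives network
# namespace teardown shows up as growth that never comes back down.
conntrack_growth_alert() {
    prev="$1"; cur="$2"; max="$3"; threshold="$4"
    pct=$(conntrack_usage_pct "$cur" "$max") || return 1
    [ "$cur" -gt "$prev" ] && [ "$pct" -ge "$threshold" ]
}

# match_conntrack_memory_lines reads kernel log lines on stdin and prints
# those mentioning conntrack together with memory pressure or the OOM
# killer, i.e. the SIEM query's "conntrack AND (memory OR oom)" clause.
match_conntrack_memory_lines() {
    grep -i 'conntrack' | grep -iE 'memory|oom'
}

# read_live_conntrack prints "count max" from procfs, or fails when the
# nf_conntrack module is not loaded (the files then do not exist).
read_live_conntrack() {
    dir=/proc/sys/net/netfilter
    [ -r "$dir/nf_conntrack_count" ] && [ -r "$dir/nf_conntrack_max" ] || return 1
    echo "$(cat "$dir/nf_conntrack_count") $(cat "$dir/nf_conntrack_max")"
}

# Constructed sample of kernel log lines (not real captured output).
# Lines 3 and 4 satisfy the conntrack AND (memory OR oom) condition.
SAMPLE_KMSG='kernel: nf_conntrack: nf_conntrack: table full, dropping packet
kernel: Out of memory: Killed process 4242 (nginx) total-vm:1048576kB
kernel: SLUB: Unable to allocate memory on node -1, gfp=0xdc0(GFP_KERNEL) cache: nf_conntrack
kernel: oom-killer: unreclaimable slab dominated by nf_conntrack objects
kernel: nf_conntrack: default automatic helper assignment has been turned off'

# count_matches -> number of sample lines flagged by the matcher.
count_matches() {
    printf '%s\n' "$SAMPLE_KMSG" | match_conntrack_memory_lines | wc -l | tr -d ' '
}

# Stand-alone run: report on the sample log and, if available, on the
# live table (two samples a few seconds apart would be used in practice).
if [ "${0##*/}" = "conntrack_monitor.sh" ]; then
    echo "flagged log lines: $(count_matches)"
    if live=$(read_live_conntrack); then
        set -- $live
        echo "live conntrack usage: $(conntrack_usage_pct "$1" "$2")% of $2"
    else
        echo "nf_conntrack not loaded; no live table to sample"
    fi
fi
```

Run the alert check from a cron or timer job with the previous and current nf_conntrack_count values; a sustained series of alerts after namespaces or containers have been torn down is the pattern the advisory describes, whereas a table that fills and empties with traffic is normal.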
🔗 References
- https://git.kernel.org/stable/c/19b909a4b1452fb97e477d2f08b97f8d04095619
- https://git.kernel.org/stable/c/30cf811058552b8cd0e98dff677ef3f89d6d34ce
- https://git.kernel.org/stable/c/41462f4cfc583513833f87f9ee55d12da651a7e3
- https://git.kernel.org/stable/c/586892e341fbf698e7cbaca293e1353957db725a
- https://git.kernel.org/stable/c/962518c6ca9f9a13df099cafa429f72f68ad61f0
- https://git.kernel.org/stable/c/a2cb4df7872de069f809de2f076ec8e54d649fe3
- https://git.kernel.org/stable/c/a62d6aa3f31f216b637a4c71b7a8bfc7c57f049b
- https://git.kernel.org/stable/c/de788b2e6227462b6dcd0e07474e72c089008f74
- https://git.kernel.org/stable/c/e14f72aa66c029db106921d621edcedef68e065b
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html