CVE-2025-22064

low-risk

Published 2025-04-16

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't unregister hook when table is dormant When nf_tables_updchain encounters an error, hook registration needs to be rolled back. This should only be done if the hook has been registered, which won't happen when the table is flagged as dormant (inactive). Just move the assignment into the registration block.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (5)

Patch https://git.kernel.org/stable/c/03d1fb457b696c18fe15661440c4f052b2374e7e

Patch https://git.kernel.org/stable/c/6134d1ea1e1408e8e7c8c26545b3b301cbdf1eda

Patch https://git.kernel.org/stable/c/688c15017d5cd5aac882400782e7213d40dc3556

Patch https://git.kernel.org/stable/c/ce571eba07d54e3637bf334bc48376fbfa55defe

Patch https://git.kernel.org/stable/c/feb1fa2a03a27fec7001e93e4223be4120d1784b

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal