CVE-2025-39980

NONE EPSS 8.6%
Published Oct 15, 20258mo ago · Modified Jun 17, 20262w ago
Find Similar
Published Oct 15, 2025 8mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group The kernel forbids the creation of non-FDB nexthop groups with FDB nexthops: # ip nexthop add id 1 via 192.0.2.1 fdb # ip nexthop add id 2 group 1 Error: Non FDB nexthop group cannot have fdb nexthops. And vice versa: # ip nexthop add id 3 via 192.0.2.2 dev dummy1 # ip nexthop add id 4 group 3 fdb Error: FDB nexthop group can only have fdb nexthops. However, as long as no routes are pointing to a non-FDB nexthop group, the kernel allows changing the type of a nexthop from FDB to non-FDB and vice versa: # ip nexthop add id 5 via 192.0.2.2 dev dummy1 # ip nexthop add id 6 group 5 # ip nexthop replace id 5 via 192.0.2.2 fdb # echo $? 0 This configuration is invalid and can result in a NPD [1] since FDB nexthops are not associated with a nexthop device: # ip route add 198.51.100.1/32 nhid 6 # ping 198.51.100.1 Fix by preventing nexthop FDB status change while the nexthop is in a group: # ip nexthop add id 7 via 192.0.2.2 dev dummy1 # ip nexthop add id 8 group 7 # ip nexthop replace id 7 via 192.0.2.2 fdb Error: Cannot change nexthop FDB status while in a group. [1] BUG: kernel NULL pointer dereference, address: 00000000000003c0 [...] Oops: Oops: 0000 [#1] SMP CPU: 6 UID: 0 PID: 367 Comm: ping Not tainted 6.17.0-rc6-virtme-gb65678cacc03 #1 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014 RIP: 0010:fib_lookup_good_nhc+0x1e/0x80 [...] Call Trace: <TASK> fib_table_lookup+0x541/0x650 ip_route_output_key_hash_rcu+0x2ea/0x970 ip_route_output_key_hash+0x55/0x80 __ip4_datagram_connect+0x250/0x330 udp_connect+0x2b/0x60 __sys_connect+0x9c/0xd0 __x64_sys_connect+0x18/0x20 do_syscall_64+0xa4/0x2a0 entry_SYSCALL_64_after_hwframe+0x4b/0x53

Threat Intelligence

EPSS Exploit Probability
8.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 7

  • git.kernel.org https://git.kernel.org/stable/c/0e7bfe7a268ccbd7859730c529161cafbf44637c
  • git.kernel.org https://git.kernel.org/stable/c/24046d31f6f92220852d393d510b6062843e3fbd
  • git.kernel.org https://git.kernel.org/stable/c/390b3a300d7872cef9588f003b204398be69ce08
  • git.kernel.org https://git.kernel.org/stable/c/8dd4aa0122885f710930de135af2adc4ccc3238f
  • git.kernel.org https://git.kernel.org/stable/c/e1e87ac0daacd51f522ecd1645cd76b5809303ed
  • git.kernel.org https://git.kernel.org/stable/c/ec428fff792b7bd15b248dafca2e654b666b1304
  • git.kernel.org https://git.kernel.org/stable/c/f0e49fd13afe9dea7a09a1c9537fd00cea22badb

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.