AZL-73935

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73935.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-73935

Upstream

CVE-2025-38732

Published

2025-09-05T18:15:42Z

Modified

2026-04-01T05:22:21.743437Z

Summary

CVE-2025-38732 affecting package kernel for versions less than 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_reject: don't leak dst refcount for loopback packets

recent patches to add a WARN() when replacing skb dst entry found an old bug:

WARNING: include/linux/skbuff.h:1165 skbdstcheckunset include/linux/skbuff.h:1164 [inline] WARNING: include/linux/skbuff.h:1165 skbdstset include/linux/skbuff.h:1210 [inline] WARNING: include/linux/skbuff.h:1165 nfrejectfillskbdst+0x2a4/0x330 net/ipv4/netfilter/nfrejectipv4.c:234 [..] Call Trace: nfsendunreach+0x17b/0x6e0 net/ipv4/netfilter/nfrejectipv4.c:325 nftrejectineteval+0x4bc/0x690 net/netfilter/nftrejectinet.c:27 exprcallopseval net/netfilter/nftables_core.c:237 [inline] ..

This is because blamed commit forgot about loopback packets. Such packets already have a dstentry attached, even at PREROUTING stage.

Instead of checking hook just check if the skb already has a route attached to it.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38732

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73935.json"