VYPR
Medium severity5.5NVD Advisory· Published Sep 11, 2025· Updated Jun 17, 2026

CVE-2025-39764

CVE-2025-39764

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: remove refcounting in expectation dumpers

Same pattern as previous patch: do not keep the expectation object alive via refcount, only store a cookie value and then use that as the skip hint for dump resumption.

AFAICS this has the same issue as the one resolved in the conntrack dumper, when we do if (!refcount_inc_not_zero(&exp->use))

to increment the refcount, there is a chance that exp == last, which causes a double-increment of the refcount and subsequent memory leak.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

126

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.