Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2025-39773

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/09/2025
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: bridge: fix soft lockup in br_multicast_query_expired()<br /> <br /> When set multicast_query_interval to a large value, the local variable<br /> &amp;#39;time&amp;#39; in br_multicast_send_query() may overflow. If the time is smaller<br /> than jiffies, the timer will expire immediately, and then call mod_timer()<br /> again, which creates a loop and may trigger the following soft lockup<br /> issue.<br /> <br /> watchdog: BUG: soft lockup - CPU#1 stuck for 221s! [rb_consumer:66]<br /> CPU: 1 UID: 0 PID: 66 Comm: rb_consumer Not tainted 6.16.0+ #259 PREEMPT(none)<br /> Call Trace:<br /> <br /> __netdev_alloc_skb+0x2e/0x3a0<br /> br_ip6_multicast_alloc_query+0x212/0x1b70<br /> __br_multicast_send_query+0x376/0xac0<br /> br_multicast_send_query+0x299/0x510<br /> br_multicast_query_expired.constprop.0+0x16d/0x1b0<br /> call_timer_fn+0x3b/0x2a0<br /> __run_timers+0x619/0x950<br /> run_timer_softirq+0x11c/0x220<br /> handle_softirqs+0x18e/0x560<br /> __irq_exit_rcu+0x158/0x1a0<br /> sysvec_apic_timer_interrupt+0x76/0x90<br /> <br /> <br /> This issue can be reproduced with:<br /> ip link add br0 type bridge<br /> echo 1 &gt; /sys/class/net/br0/bridge/multicast_querier<br /> echo 0xffffffffffffffff &gt;<br /> /sys/class/net/br0/bridge/multicast_query_interval<br /> ip link set dev br0 up<br /> <br /> The multicast_startup_query_interval can also cause this issue. Similar to<br /> the commit 99b40610956a ("net: bridge: mcast: add and enforce query<br /> interval minimum"), add check for the query interval maximum to fix this<br /> issue.

Impact

References to Advisories, Solutions, and Tools