CVE-2025-38678

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: nf_tables: reject duplicate device on updates<br /> <br /> A chain/flowtable update with duplicated devices in the same batch is<br /> possible. Unfortunately, netdev event path only removes the first<br /> device that is found, leaving unregistered the hook of the duplicated<br /> device.<br /> <br /> Check if a duplicated device exists in the transaction batch, bail out<br /> with EEXIST in such case.<br /> <br /> WARNING is hit when unregistering the hook:<br /> <br /> [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150<br /> [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)<br /> [...]<br /> [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150