Acknowledged
Created: Sep 7, 2025
Updated: Sep 8, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]netfilter: nf_reject: don't leak dst refcount for loopback packets[EOL][EOL]recent patches to add a WARN() when replacing skb dst entry found an[EOL]old bug:[EOL][EOL]WARNING: include/linux/skbuff.h:1165 skb_dst_check_unset include/linux/skbuff.h:1164 [inline][EOL]WARNING: include/linux/skbuff.h:1165 skb_dst_set include/linux/skbuff.h:1210 [inline][EOL]WARNING: include/linux/skbuff.h:1165 nf_reject_fill_skb_dst+0x2a4/0x330 net/ipv4/netfilter/nf_reject_ipv4.c:234[EOL][..][EOL]Call Trace:[EOL] nf_send_unreach+0x17b/0x6e0 net/ipv4/netfilter/nf_reject_ipv4.c:325[EOL] nft_reject_inet_eval+0x4bc/0x690 net/netfilter/nft_reject_inet.c:27[EOL] expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline][EOL] ..[EOL][EOL]This is because blamed commit forgot about loopback packets.[EOL]Such packets already have a dst_entry attached, even at PRE_ROUTING stage.[EOL][EOL]Instead of checking hook just check if the skb already has a route[EOL]attached to it.
CREATE(Triage):(User=admin) [CVE-2025-38732 (https://nvd.nist.gov/vuln/detail/CVE-2025-38732)
