CVE-2025-39773
BaseFortify

Publication date: 2025-09-11

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net: bridge: fix soft lockup in br_multicast_query_expired()

When set multicast_query_interval to a large value, the local variable 'time' in br_multicast_send_query() may overflow. If the time is smaller than jiffies, the timer will expire immediately, and then call mod_timer() again, which creates a loop and may trigger the following soft lockup issue.

    watchdog: BUG: soft lockup - CPU#1 stuck for 221s! [rb_consumer:66]
    CPU: 1 UID: 0 PID: 66 Comm: rb_consumer Not tainted 6.16.0+ #259 PREEMPT(none)
    Call Trace:
     <IRQ>
     __netdev_alloc_skb+0x2e/0x3a0
     br_ip6_multicast_alloc_query+0x212/0x1b70
     __br_multicast_send_query+0x376/0xac0
     br_multicast_send_query+0x299/0x510
     br_multicast_query_expired.constprop.0+0x16d/0x1b0
     call_timer_fn+0x3b/0x2a0
     __run_timers+0x619/0x950
     run_timer_softirq+0x11c/0x220
     handle_softirqs+0x18e/0x560
     __irq_exit_rcu+0x158/0x1a0
     sysvec_apic_timer_interrupt+0x76/0x90
     </IRQ>

This issue can be reproduced with:

    ip link add br0 type bridge
    echo 1 > /sys/class/net/br0/bridge/multicast_querier
    echo 0xffffffffffffffff > /sys/class/net/br0/bridge/multicast_query_interval
    ip link set dev br0 up

The multicast_startup_query_interval can also cause this issue. Similar to the commit 99b40610956a ("net: bridge: mcast: add and enforce query interval minimum"), add check for the query interval maximum to fix this issue.

Meta Information
Published: 2025-09-11
Last Modified: 2025-11-03
Generated: 2026-05-06
AI Q&A: 2025-09-11
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE

Vendor    Product         Version / Range
linux     linux_kernel    6.1.153-1

CWE ID: CWE-UNKNOWN

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a soft lockup issue in the Linux kernel's network bridge code. When the multicast_query_interval is set to a very large value, a local variable 'time' in the function br_multicast_send_query() can overflow. This causes the timer to expire immediately and repeatedly call mod_timer(), creating a loop that leads to a CPU soft lockup, where the CPU becomes stuck and unresponsive for an extended period.


How can this vulnerability impact me?

The vulnerability can cause a CPU soft lockup, meaning the affected CPU core can become stuck and unresponsive for a long time. This can degrade system performance, cause network disruptions, and potentially lead to denial of service conditions on systems using the Linux kernel's bridge functionality with multicast enabled.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking the system logs for soft lockup warnings related to the bridge multicast query timer, such as messages like 'watchdog: BUG: soft lockup - CPU#1 stuck for ...'. Additionally, you can attempt to reproduce the issue by creating a bridge interface and setting the multicast_query_interval to a very large value using the following commands:

    ip link add br0 type bridge
    echo 1 > /sys/class/net/br0/bridge/multicast_querier
    echo 0xffffffffffffffff > /sys/class/net/br0/bridge/multicast_query_interval
    ip link set dev br0 up

If the system experiences a soft lockup or similar issues after these commands, the vulnerability is present. On an affected kernel these commands hang a CPU, so run them on a test system rather than a production host.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding setting the multicast_query_interval and multicast_startup_query_interval to excessively large values that could cause the timer overflow and soft lockup. Ensure that your Linux kernel is updated to a version where this vulnerability is fixed, as the issue was resolved by adding checks for maximum query interval values to prevent overflow and soft lockups.
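
To check existing bridges for the risky settings named above, here is an added example (not part of the original page or the kernel fix): a POSIX shell audit that lists every bridge whose multicast_query_interval or multicast_startup_query_interval exceeds a threshold. The function names, the 24-hour `MAX_CS` threshold, and the reading of the sysfs values as centiseconds are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag bridges with very large multicast query intervals.
# Assumptions (not from the page): sysfs reports the intervals in
# centiseconds, and MAX_CS (24 h) is a site-chosen audit threshold.
MAX_CS=${MAX_CS:-8640000}

# exceeds VALUE LIMIT: true if decimal VALUE > LIMIT. Digit counts are
# compared first so a 20-digit value cannot overflow shell arithmetic.
exceeds() {
    v=$(printf '%s' "$1" | sed 's/^0*//')
    case $v in
        '')       return 1 ;;   # zero
        *[!0-9]*) return 0 ;;   # not plain decimal: flag for review
    esac
    [ "${#v}" -gt "${#2}" ] && return 0
    [ "${#v}" -lt "${#2}" ] && return 1
    [ "$v" -gt "$2" ]
}

# audit_bridges [DIR]: print "<dev> <knob>=<value> querier=<state>" for
# each interval above MAX_CS. DIR defaults to /sys/class/net.
audit_bridges() {
    root=${1:-/sys/class/net}
    for dir in "$root"/*/bridge; do
        [ -d "$dir" ] || continue
        dev=${dir%/bridge}
        dev=${dev##*/}
        querier=$(cat "$dir/multicast_querier" 2>/dev/null) || querier=unknown
        for knob in multicast_query_interval multicast_startup_query_interval; do
            [ -r "$dir/$knob" ] || continue
            val=$(cat "$dir/$knob") || continue
            if exceeds "$val" "$MAX_CS"; then
                echo "$dev $knob=$val querier=$querier"
            fi
        done
    done
    return 0
}

audit_bridges "$@"
```

A flagged bridge with `querier=1` matches the configuration in the reproducer; the script only reads sysfs and changes nothing.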

