CVE-2025-39980
BaseFortify

Publication date: 2025-10-15

Last updated on: 2025-10-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

nexthop: Forbid FDB status change while nexthop is in a group

The kernel forbids the creation of non-FDB nexthop groups with FDB nexthops:

    # ip nexthop add id 1 via 192.0.2.1 fdb
    # ip nexthop add id 2 group 1
    Error: Non FDB nexthop group cannot have fdb nexthops.

And vice versa:

    # ip nexthop add id 3 via 192.0.2.2 dev dummy1
    # ip nexthop add id 4 group 3 fdb
    Error: FDB nexthop group can only have fdb nexthops.

However, as long as no routes are pointing to a non-FDB nexthop group, the kernel allows changing the type of a nexthop from FDB to non-FDB and vice versa:

    # ip nexthop add id 5 via 192.0.2.2 dev dummy1
    # ip nexthop add id 6 group 5
    # ip nexthop replace id 5 via 192.0.2.2 fdb
    # echo $?
    0

This configuration is invalid and can result in a NPD [1] since FDB nexthops are not associated with a nexthop device:

    # ip route add 198.51.100.1/32 nhid 6
    # ping 198.51.100.1

Fix by preventing nexthop FDB status change while the nexthop is in a group:

    # ip nexthop add id 7 via 192.0.2.2 dev dummy1
    # ip nexthop add id 8 group 7
    # ip nexthop replace id 7 via 192.0.2.2 fdb
    Error: Cannot change nexthop FDB status while in a group.

[1]

    BUG: kernel NULL pointer dereference, address: 00000000000003c0
    [...]
    Oops: Oops: 0000 [#1] SMP
    CPU: 6 UID: 0 PID: 367 Comm: ping Not tainted 6.17.0-rc6-virtme-gb65678cacc03 #1 PREEMPT(voluntary)
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014
    RIP: 0010:fib_lookup_good_nhc+0x1e/0x80
    [...]
    Call Trace:
     <TASK>
     fib_table_lookup+0x541/0x650
     ip_route_output_key_hash_rcu+0x2ea/0x970
     ip_route_output_key_hash+0x55/0x80
     __ip4_datagram_connect+0x250/0x330
     udp_connect+0x2b/0x60
     __sys_connect+0x9c/0xd0
     __x64_sys_connect+0x18/0x20
     do_syscall_64+0xa4/0x2a0
     entry_SYSCALL_64_after_hwframe+0x4b/0x53

Meta Information

Published: 2025-10-15
Last Modified: 2025-10-16
Generated: 2026-05-06
AI Q&A: 2025-10-15
EPSS Evaluated: 2026-05-05

Affected Vendors & Products

Showing 1 associated CPE

Vendor: linux
Product: linux_kernel
Version / Range: 6.17.0-rc6

CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel involves improper handling of nexthop groups with FDB (Forwarding Database) status changes. The kernel previously allowed changing the FDB status of a nexthop while it was part of a group, which is invalid and can cause a kernel NULL pointer dereference (crash). Specifically, the kernel did not forbid changing a nexthop from FDB to non-FDB or vice versa when the nexthop was in a group, leading to an invalid configuration and potential system crash. The fix prevents changing the FDB status of a nexthop while it is in a group, ensuring stable and valid nexthop group configurations.


How can this vulnerability impact me?

This vulnerability can cause a kernel crash (NULL pointer dereference) when invalid nexthop group configurations occur due to improper FDB status changes. Such crashes can lead to system instability, denial of service, and potential disruption of network routing functionality on affected Linux systems.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking for invalid nexthop configurations involving FDB and non-FDB nexthop groups. Use the following commands to inspect nexthop configurations and test for errors:

    # ip nexthop add id 1 via 192.0.2.1 fdb
    # ip nexthop add id 2 group 1

If you get an error like 'Non FDB nexthop group cannot have fdb nexthops', it indicates the kernel is enforcing the fix. Also, try replacing nexthop FDB status while in a group:

    # ip nexthop add id 7 via 192.0.2.2 dev dummy1
    # ip nexthop add id 8 group 7
    # ip nexthop replace id 7 via 192.0.2.2 fdb

If you get an error 'Cannot change nexthop FDB status while in a group', the fix is applied. Otherwise, the system may be vulnerable. Additionally, look for kernel oops or NULL pointer dereference logs related to fib_lookup_good_nhc or ping failures to IPs routed via nexthop groups.
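
A read-only way to look for the invalid state described above, as an added example (not part of the original page or of the kernel patch): the function reads `ip nexthop show` text on stdin and reports any group whose `fdb` flag differs from a member's. The line layout it parses, the function names and the sample dump are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag nexthop groups whose "fdb" flag differs from a member's.
# Assumed input: `ip nexthop show` text, one object per line, for instance
# "id 5 via 192.0.2.2 scope link fdb" or "id 6 group 5/7,2" (ID or ID,WEIGHT).
audit_nexthops() {
    awk '
    $1 == "id" {
        id = $2; grp = ""; fdb = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "group") grp = $(i + 1)
            if ($i == "fdb")   fdb = 1
        }
        is_fdb[id] = fdb
        if (grp != "") members[id] = grp
    }
    END {
        bad = 0
        for (g in members) {
            n = split(members[g], m, "/")
            for (k = 1; k <= n; k++) {
                split(m[k], part, ",")           # drop optional ",WEIGHT"
                mid = part[1]
                if (!(mid in is_fdb)) continue    # member not in this dump
                if (is_fdb[mid] != is_fdb[g]) {
                    printf "MISMATCH group %s (%s) has member %s (%s)\n", \
                        g, (is_fdb[g] ? "fdb" : "non-fdb"), \
                        mid, (is_fdb[mid] ? "fdb" : "non-fdb")
                    bad++
                }
            }
        }
        exit (bad > 0 ? 1 : 0)
    }'
}

# Constructed dump: group 6 is the state the description reaches after
# "ip nexthop replace id 5 ... fdb"; ids 1/9 and 7/8 are consistent pairs.
constructed_dump() {
    cat <<'EOF'
id 1 via 192.0.2.1 scope link fdb
id 9 group 1 fdb
id 5 via 192.0.2.2 scope link fdb
id 6 group 5
id 7 via 192.0.2.2 dev dummy1 scope link
id 8 group 7,2
EOF
}

constructed_dump | audit_nexthops || echo "invalid nexthop group state found"
```

On a live host the same function can be fed with `ip nexthop show | audit_nexthops`; it exits non-zero when a mismatch is reported.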


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability immediately, ensure that your Linux kernel is updated to a version that includes the fix preventing nexthop FDB status changes while the nexthop is in a group. Avoid creating or modifying nexthop groups that mix FDB and non-FDB nexthops. Specifically, do not perform 'ip nexthop replace' commands that change FDB status on nexthops already in groups. Monitor and correct any invalid nexthop configurations to prevent kernel NULL pointer dereferences and system crashes.

