GHSA-rh5v-2xrc-gj9x · Severity: medium — In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove...
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers Same pattern as previous patch: do not keep the expectation object alive via refcount, only store a cookie value and then use that as the skip hint for dump resumption. AFAICS this has the same issue as the one resolved in the conntrack dumper, when we do if (!refcount_inc_not_zero(&exp->use)) to increment the refcount, there is a chance that exp == last, which causes a double-increment of the refcount and subsequent memory leak.
Conclusion & alert: CVE-2025-39764 is rated Low Risk (23.1/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.02%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-09-12 | — | 0.02% | — |
Full EPSS history (1 record total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.5 | 3.1 | MEDIUM |
|
1.8 | 3.6 | [email protected] |
GHSA-rh5v-2xrc-gj9x · Severity: medium — In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove...
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2025-39764 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. | https://security-tracker.debian.org/tracker/CVE-2025-39764 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2025-39764 |
suse
|
medium | CVE-2025-39764 severity moderate: SUSE including 467 source package names (2.1.3-6.80:kernel-default-base-6.4.0-35.1.21.12, 2.1.3-7.57:kernel-default-6.4.0-35.1, …), 948 product×package rows across 195 product lines (Container suse/sl-micro/6.0/base-os-container, Container suse/sl-micro/6.0/kvm-os-container, … (195 product lines)): Fixed 696, Known Affected 231, First Fixed 21. | https://www.suse.com/security/cve/CVE-2025-39764/ |
ubuntu
|
medium | CVE-2025-39764 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1414 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1017, ignored 180, needed 110, released 88, not-affected 17, needs-triage 2. | https://ubuntu.com/security/CVE-2025-39764 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| linux | linux_kernel | >= 2.6.23, < 6.16.2 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | 6.17 | cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:* |