CVE-2025-22064

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: don't unregister hook when table is dormant

When nf_tables_updchain encounters an error, hook registration needs to
be rolled back.

This should only be done if the hook has been registered, which won't
happen when the table is flagged as dormant (inactive).

Just move the assignment into the registration block.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bookworm
6.1.137-1
not-affected
bullseye (security)
5.10.237-1
fixed
bookworm (security)
6.1.140-1
fixed
trixie
6.12.27-1
fixed
sid
6.12.30-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/03d1fb457b696c18fe15661440c4f052b2374e7e
https://git.kernel.org/stable/c/6134d1ea1e1408e8e7c8c26545b3b301cbdf1eda
https://git.kernel.org/stable/c/688c15017d5cd5aac882400782e7213d40dc3556
https://git.kernel.org/stable/c/ce571eba07d54e3637bf334bc48376fbfa55defe
https://git.kernel.org/stable/c/feb1fa2a03a27fec7001e93e4223be4120d1784b