CVE-2025-39773

EUVD-2025-28939
In the Linux kernel, the following vulnerability has been resolved:

net: bridge: fix soft lockup in br_multicast_query_expired()

When set multicast_query_interval to a large value, the local variable
'time' in br_multicast_send_query() may overflow. If the time is smaller
than jiffies, the timer will expire immediately, and then call mod_timer()
again, which creates a loop and may trigger the following soft lockup
issue.

  watchdog: BUG: soft lockup - CPU#1 stuck for 221s! [rb_consumer:66]
  CPU: 1 UID: 0 PID: 66 Comm: rb_consumer Not tainted 6.16.0+ #259 PREEMPT(none)
  Call Trace:
   <IRQ>
   __netdev_alloc_skb+0x2e/0x3a0
   br_ip6_multicast_alloc_query+0x212/0x1b70
   __br_multicast_send_query+0x376/0xac0
   br_multicast_send_query+0x299/0x510
   br_multicast_query_expired.constprop.0+0x16d/0x1b0
   call_timer_fn+0x3b/0x2a0
   __run_timers+0x619/0x950
   run_timer_softirq+0x11c/0x220
   handle_softirqs+0x18e/0x560
   __irq_exit_rcu+0x158/0x1a0
   sysvec_apic_timer_interrupt+0x76/0x90
   </IRQ>

This issue can be reproduced with:
  ip link add br0 type bridge
  echo 1 > /sys/class/net/br0/bridge/multicast_querier
  echo 0xffffffffffffffff >
  	/sys/class/net/br0/bridge/multicast_query_interval
  ip link set dev br0 up

The multicast_startup_query_interval can also cause this issue. Similar to
the commit 99b40610956a ("net: bridge: mcast: add and enforce query
interval minimum"), add check for the query interval maximum to fix this
issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
siemens-SADPADP
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
2.6.34 ≤
𝑥
< 5.15.190
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.149
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.103
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.44
linuxlinux_kernel
6.13 ≤
𝑥
< 6.16.4
linuxlinux_kernel
6.17:rc1
linuxlinux_kernel
6.17:rc2
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
SiemensSIMATIC CN 4100
𝑥
< V5.0
ADP
SiemensSIMATIC S7-1500 CPU 1518-4 PN/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
SiemensSIMATIC S7-1500 CPU 1518-4 PN/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
SiemensSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
SiemensSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
SiemensSIPLUS S7-1500 CPU 1518-4 PN/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
siemenssimatic_cn_4100
𝑥
< 5.0
ADP
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.176-1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
forky
7.0.13-1
fixed
sid
7.1.3-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.94-1
fixed
linux-6.1
bullseye (security)
6.1.176-1~deb11u1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cluster-md-kmp-default
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
dlm-kmp-default
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
gfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
kernel-64kb
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.19.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.19.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.19.1
fixed
kernel-azure
suse enterprise sap 15 SP6
6.4.0-150600.8.52.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.20.15.2
fixed
suse enterprise server 15 SP6
6.4.0-150600.8.52.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.15.2
fixed
kernel-default
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.19.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.19.1
fixed
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.19.1
fixed
kernel-default-base
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1.150600.12.32.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.19.1.150700.17.13.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1.150600.12.32.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.19.1.150700.17.13.1
fixed
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1.150600.12.32.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.19.1.150700.17.13.1
fixed
kernel-default-man
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
kernel-obs-build
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.19.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.19.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.19.1
fixed
kernel-source
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.19.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.19.1
fixed
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.19.1
fixed
kernel-source-azure
suse enterprise sap 15 SP6
6.4.0-150600.8.52.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.20.15.2
fixed
suse enterprise server 15 SP6
6.4.0-150600.8.52.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.15.2
fixed
kernel-zfcpdump
suse enterprise desktop 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.19.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.19.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.73.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.19.1
fixed
ocfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bpftool
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
bpftool-debuginfo
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
bpftool6.12
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
bpftool6.12-debuginfo
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel
Amazon Linux 2
0:4.14.355-280.706.amzn2
fixed
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-debuginfo
Amazon Linux 2
0:4.14.355-280.706.amzn2
fixed
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-debuginfo-common-aarch64
Amazon Linux 2
0:4.14.355-280.706.amzn2
fixed
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-debuginfo-common-x86_64
Amazon Linux 2
0:4.14.355-280.706.amzn2
fixed
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-devel
Amazon Linux 2
0:4.14.355-280.706.amzn2
fixed
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-headers
Amazon Linux 2
0:4.14.355-280.706.amzn2
fixed
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-libbpf
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-libbpf-debuginfo
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-libbpf-devel
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-libbpf-static
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-livepatch-4.14.355-280.706
Amazon Linux 2
0:1.0-0.amzn2
fixed
kernel-livepatch-6.1.150-174.273
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel-livepatch-6.12.46-66.121
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel-modules-extra
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-modules-extra-common
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-tools
Amazon Linux 2
0:4.14.355-280.706.amzn2
fixed
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-tools-debuginfo
Amazon Linux 2
0:4.14.355-280.706.amzn2
fixed
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel-tools-devel
Amazon Linux 2
0:4.14.355-280.706.amzn2
fixed
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
kernel6.12
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-debuginfo
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-debuginfo-common-aarch64
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-debuginfo-common-x86_64
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-devel
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-headers
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-libbpf
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-libbpf-debuginfo
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-libbpf-devel
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-libbpf-static
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-modules-extra
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-modules-extra-common
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-tools
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-tools-debuginfo
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
kernel6.12-tools-devel
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
perf
Amazon Linux 2
0:4.14.355-280.706.amzn2
fixed
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
perf-debuginfo
Amazon Linux 2
0:4.14.355-280.706.amzn2
fixed
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
perf6.12
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
perf6.12-debuginfo
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
python-perf
Amazon Linux 2
0:4.14.355-280.706.amzn2
fixed
python-perf-debuginfo
Amazon Linux 2
0:4.14.355-280.706.amzn2
fixed
python3-perf
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
python3-perf-debuginfo
Amazon Linux 2023
1:6.1.150-174.273.amzn2023
fixed
python3-perf6.12
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
python3-perf6.12-debuginfo
Amazon Linux 2023
1:6.12.46-66.121.amzn2023
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
kernel
Azure Linux 3.0
0:6.6.104.2-1.azl3
fixed
CBL-Mariner 2.0
0:5.15.200.1-1.cm2
fixed