{"id":"CVE-2025-38678","summary":"netfilter: nf_tables: reject duplicate device on updates","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S                  6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150","modified":"2026-04-02T12:48:04.822205Z","published":"2025-09-03T13:01:15.799Z","related":["CGA-49hp-c8c6-m784","SUSE-SU-2025:03600-1","SUSE-SU-2025:03601-1","SUSE-SU-2025:03602-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:03636-1","SUSE-SU-2025:03638-1","SUSE-SU-2025:03643-1","SUSE-SU-2025:03646-1","SUSE-SU-2025:03648-1","SUSE-SU-2025:03650-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20873-1","SUSE-SU-2025:20874-1","SUSE-SU-2025:20875-1","SUSE-SU-2025:20876-1","SUSE-SU-2025:20877-1","SUSE-SU-2025:20878-1","SUSE-SU-2025:20879-1","SUSE-SU-2025:20880-1","SUSE-SU-2025:20881-1","SUSE-SU-2025:20882-1","SUSE-SU-2025:20883-1","SUSE-SU-2025:20884-1","SUSE-SU-2025:20885-1","SUSE-SU-2025:20886-1","SUSE-SU-2025:20887-1","SUSE-SU-2025:20888-1","SUSE-SU-2025:20889-1","SUSE-SU-2025:20890-1","SUSE-SU-2025:20891-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:20902-1","SUSE-SU-2025:20903-1","SUSE-SU-2025:20904-1","SUSE-SU-2025:20905-1","SUSE-SU-2025:20906-1","SUSE-SU-2025:20907-1","SUSE-SU-2025:20908-1","SUSE-SU-2025:20909-1","SUSE-SU-2025:20912-1","SUSE-SU-2025:20913-1","SUSE-SU-2025:20914-1","SUSE-SU-2025:20915-1","SUSE-SU-2025:20916-1","SUSE-SU-2025:20917-1","SUSE-SU-2025:20918-1","SUSE-SU-2025:20919-1","SUSE-SU-2025:20920-1","SUSE-SU-2025:20958-1","SUSE-SU-2025:20979-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3675-1","SUSE-SU-2025:3679-1","SUSE-SU-2025:3704-1","SUSE-SU-2025:3705-1","SUSE-SU-2025:3712-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3717-1","SUSE-SU-2025:3720-1","SUSE-SU-2025:3721-1","SUSE-SU-2025:3725-1","SUSE-SU-2025:3731-1","SUSE-SU-2025:3733-1","SUSE-SU-2025:3734-1","SUSE-SU-2025:3736-1","SUSE-SU-2025:3740-1","SUSE-SU-2025:3741-1","SUSE-SU-2025:3742-1","SUSE-SU-2025:3748-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:3755-1","SUSE-SU-2025:3761-1","SUSE-SU-2025:3762-1","SUSE-SU-2025:3764-1","SUSE-SU-2025:3765-1","SUSE-SU-2025:3768-1","SUSE-SU-2025:3769-1","SUSE-SU-2025:3770-1","SUSE-SU-2025:3771-1","SUSE-SU-2025:3772-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38678.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0521e694d5b80899fba8695881a6349f9bc538cb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3f358a66a04513311668ea4b40f5064e253d8386"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4681960bc0f4f8bcc782cbf2fd205f48ad314dfd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4ce2a0c3b8497a66cfc25fc7ca3d087258a785d2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cf23d531a9d496863aa4c5a0e2f71f0a23f3df3c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cf5fb87fcdaaaafec55dcc0dc5a9e15ead343973"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d7615bde541f16517d6790412da6ec46fa8a4c1f"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38678.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38678"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"78d9f48f7f44431a25da2b46b3a8812f6ff2b981"},{"fixed":"0521e694d5b80899fba8695881a6349f9bc538cb"},{"fixed":"4681960bc0f4f8bcc782cbf2fd205f48ad314dfd"},{"fixed":"4ce2a0c3b8497a66cfc25fc7ca3d087258a785d2"},{"fixed":"3f358a66a04513311668ea4b40f5064e253d8386"},{"fixed":"cf23d531a9d496863aa4c5a0e2f71f0a23f3df3c"},{"fixed":"d7615bde541f16517d6790412da6ec46fa8a4c1f"},{"fixed":"cf5fb87fcdaaaafec55dcc0dc5a9e15ead343973"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38678.json"}}],"schema_version":"1.7.5"}