Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-39773— net: bridge: fix soft lockup in br_multicast_query_expired()

EPSS 0.01% · P3

Affected Version Matrix 14

VendorProductVersion RangeStatus
LinuxLinuxd902eee43f1951b358d7347d9165c6af21cf7b1b< 34171b9e53bd1dc264f5556579f2b04f04435c73affected
d902eee43f1951b358d7347d9165c6af21cf7b1b< 43e281fde5e76a866a4d10780c35023f16c0e432affected
d902eee43f1951b358d7347d9165c6af21cf7b1b< 96476b043efb86a94f2badd260f7f99c97bd5893affected
d902eee43f1951b358d7347d9165c6af21cf7b1b< bdb19cd0de739870bb3494c815138b9dc30875c4affected
d902eee43f1951b358d7347d9165c6af21cf7b1b< 5bf5fce8a0c2a70d063af778fdb5b27238174cddaffected
d902eee43f1951b358d7347d9165c6af21cf7b1b< d1547bf460baec718b3398365f8de33d25c5f36faffected
2.6.34affected
< 2.6.34unaffected
… +6 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-39773

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
net: bridge: fix soft lockup in br_multicast_query_expired()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix soft lockup in br_multicast_query_expired() When set multicast_query_interval to a large value, the local variable 'time' in br_multicast_send_query() may overflow. If the time is smaller than jiffies, the timer will expire immediately, and then call mod_timer() again, which creates a loop and may trigger the following soft lockup issue. watchdog: BUG: soft lockup - CPU#1 stuck for 221s! [rb_consumer:66] CPU: 1 UID: 0 PID: 66 Comm: rb_consumer Not tainted 6.16.0+ #259 PREEMPT(none) Call Trace: <IRQ> __netdev_alloc_skb+0x2e/0x3a0 br_ip6_multicast_alloc_query+0x212/0x1b70 __br_multicast_send_query+0x376/0xac0 br_multicast_send_query+0x299/0x510 br_multicast_query_expired.constprop.0+0x16d/0x1b0 call_timer_fn+0x3b/0x2a0 __run_timers+0x619/0x950 run_timer_softirq+0x11c/0x220 handle_softirqs+0x18e/0x560 __irq_exit_rcu+0x158/0x1a0 sysvec_apic_timer_interrupt+0x76/0x90 </IRQ> This issue can be reproduced with: ip link add br0 type bridge echo 1 > /sys/class/net/br0/bridge/multicast_querier echo 0xffffffffffffffff > /sys/class/net/br0/bridge/multicast_query_interval ip link set dev br0 up The multicast_startup_query_interval can also cause this issue. Similar to the commit 99b40610956a ("net: bridge: mcast: add and enforce query interval minimum"), add check for the query interval maximum to fix this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于br_multicast_query_expired函数中multicast_query_interval设置过大导致时间溢出,可能触发软锁定问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux d902eee43f1951b358d7347d9165c6af21cf7b1b ~ 34171b9e53bd1dc264f5556579f2b04f04435c73 -
LinuxLinux 2.6.34 -

II. Public POCs for CVE-2025-39773

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-39773

登录查看更多情报信息。

Same Patch Batch · Linux · 2025-09-11 · 54 CVEs total

CVE-2025-39774iio: adc: rzg2l_adc: Set driver data before enabling runtime PM
CVE-2025-39791dm: dm-crypt: Do not partially accept write BIOs with zoned targets
CVE-2025-39785drm/hisilicon/hibmc: fix irq_request()'s irq name variable is local
CVE-2025-39788scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
CVE-2025-39787soc: qcom: mdt_loader: Ensure we don't read past the ELF header
CVE-2025-39786iio: adc: ad7173: fix channels index for syscalib_mode
CVE-2025-39789crypto: x86/aegis - Add missing error checks
CVE-2025-39777crypto: acomp - Fix CFI failure due to type punning
CVE-2025-39776mm/debug_vm_pgtable: clear page table entries at destroy_args()
CVE-2025-39775mm/mremap: fix WARN with uffd that has remap events disabled
CVE-2025-39779btrfs: subpage: keep TOWRITE tag until folio is cleaned
CVE-2025-39772drm/hisilicon/hibmc: fix the hibmc loaded failed bug
CVE-2025-39771regulator: pca9450: Use devm_register_sys_off_handler
CVE-2025-39770net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM
CVE-2025-39769bnxt_en: Fix lockdep warning during rmmod
CVE-2025-39768net/mlx5: HWS, fix complex rules rehash error flow
CVE-2025-39766net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
CVE-2025-39767LoongArch: Optimize module load time by optimizing PLT/GOT counting
CVE-2025-39765ALSA: timer: fix ida_free call while not allocated
CVE-2025-39764netfilter: ctnetlink: remove refcounting in expectation dumpers

Showing top 20 of 54 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2025-39773

No comments yet

Leave a comment