CVE-2025-22064: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was identified in the Linux kernel's netfilter subsystem (CVE-2025-22064), specifically in the nf_tables component. The issue was discovered and disclosed on April 16, 2025, affecting various Linux distributions including Ubuntu, Debian, and Red Hat. The vulnerability relates to improper hook registration handling when tables are in a dormant state (NVD, Ubuntu).

The vulnerability occurs in the nftablesupdchain function where hook registration rollback is performed incorrectly. Specifically, the function attempts to unregister hooks even when they haven't been registered due to the table being flagged as dormant (inactive). The fix involves moving the assignment operation into the registration block to ensure proper handling (NVD).

The vulnerability affects multiple Linux distributions including Ubuntu's newer releases (24.04 LTS noble, 24.10 oracular, and 25.04 plucky), while older versions (22.04 LTS jammy and earlier) are not affected. Similarly, in Debian, the vulnerability affects the trixie release but has been fixed in sid version 6.12.25-1 (Ubuntu, Debian).

The vulnerability has been patched in various Linux kernel versions. For Debian, the fix is available in version 6.12.25-1 for sid. Ubuntu has marked several releases as requiring updates, while older LTS releases (22.04 and earlier) are not affected. The fix involves a code modification to properly handle hook registration in the nf_tables component (Debian, Ubuntu).