Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-39867
CVE-2025-39867:
Linux Debian vulnerability analysis and mitigation
Overview
CVE-2025-39867 was initially reported on September 23, 2025, affecting the Linux kernel's netfilter component, specifically the nftsetpipapo functionality. The vulnerability was later rejected by its CVE Numbering Authority on September 29, 2025. The issue involved a null pointer dereference condition in empty set handling (NVD).
Technical details
The vulnerability stemmed from an incorrect check for a null scratch map in the netfilter's nftsetpipapo component. The problematic code change modified the condition from if (unlikely(!m || !*raw_cpu_ptr(m->scratch))) to if (unlikely(!raw_cpu_ptr(m->scratch))), which introduced the potential for a null dereference. This issue could only be reproduced on systems without AVX2 support (NVD).
Additional resources
Source: This report was generated using AI
Related Linux Debian vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management