{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-22110","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.820Z","datePublished":"2025-04-16T14:12:57.061Z","dateUpdated":"2026-05-11T21:13:09.695Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:13:09.695Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error\n\nIt is possible that ctx in nfqnl_build_packet_message() could be used\nbefore it is properly initialize, which is only initialized\nby nfqnl_get_sk_secctx().\n\nThis patch corrects this problem by initializing the lsmctx to a safe\nvalue when it is declared.\n\nThis is similar to the commit 35fcac7a7c25\n(\"audit: Initialize lsmctx to avoid memory allocation error\")."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nfnetlink_queue.c"],"versions":[{"version":"2d470c778120d3cdb8d8ab250329ca85f49f12b1","lessThan":"ddbf7e1d82a1d0c1d3425931a6cb1b83f8454759","status":"affected","versionType":"git"},{"version":"2d470c778120d3cdb8d8ab250329ca85f49f12b1","lessThan":"778b09d91baafb13408470c721d034d6515cfa5a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nfnetlink_queue.c"],"versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","status":"unaffected","versionType":"semver"},{"version":"6.14.2","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.14.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ddbf7e1d82a1d0c1d3425931a6cb1b83f8454759"},{"url":"https://git.kernel.org/stable/c/778b09d91baafb13408470c721d034d6515cfa5a"}],"title":"netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error","x_generator":{"engine":"bippy-1.2.0"}}}}