CVE-2025-22110 in Linux
Summary
by MITRE • 04/16/2025
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error
It is possible that ctx in nfqnl_build_packet_message() could be used before it is properly initialize, which is only initialized by nfqnl_get_sk_secctx().
This patch corrects this problem by initializing the lsmctx to a safe value when it is declared.
This is similar to the commit 35fcac7a7c25 ("audit: Initialize lsmctx to avoid memory allocation error").
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 02/15/2026
The vulnerability identified as CVE-2025-22110 resides within the Linux kernel's netfilter subsystem, specifically in the nfnetlink_queue component that handles packet queueing operations. This issue affects the nfqnl_build_packet_message() function where a context structure named ctx can potentially be utilized before proper initialization has occurred. The flaw represents a classic uninitialized variable vulnerability that could lead to unpredictable behavior and potential security implications within the kernel's packet filtering mechanisms.
The technical root cause stems from the improper initialization of the lsmctx structure within the nfqnl_build_packet_message() function. While the ctx variable is only properly initialized by the nfqnl_get_sk_secctx() function, there exists a code path where the context structure is accessed before this initialization occurs. This creates a scenario where memory contents from previous operations could be interpreted as valid security context data, leading to potential information disclosure or privilege escalation vectors. The vulnerability is classified under CWE-457 as the use of uninitialized variables, which directly impacts the integrity of security context handling within the kernel's netfilter framework.
The operational impact of this vulnerability extends beyond simple memory corruption, as it could enable malicious actors to manipulate packet queueing operations within the kernel's netfilter subsystem. An attacker with access to the system could potentially exploit this uninitialized variable to gain insights into security contexts or manipulate packet processing behavior, particularly when dealing with network filtering rules that depend on proper security context initialization. This vulnerability is particularly concerning in environments where kernel-level packet filtering and network security are critical components of the overall security posture, as it could undermine the integrity of network traffic monitoring and filtering operations.
The patch addressing this vulnerability follows established security practices by initializing the lsmctx structure to a safe default value upon declaration, similar to previous fixes implemented in the audit subsystem. This approach aligns with the principle of defensive programming and follows the pattern established in commit 35fcac7a7c25 which addressed analogous issues in the audit subsystem. The mitigation strategy ensures that all security context structures are properly initialized before use, preventing potential information leakage or exploitation opportunities. Organizations should prioritize applying this patch as part of their kernel security maintenance routine, particularly in environments where the netfilter subsystem is actively utilized for network traffic management and security enforcement. The fix demonstrates the importance of proper initialization practices in kernel code and reinforces the need for comprehensive code reviews focusing on security context handling within critical subsystems. This vulnerability represents a reminder of the critical importance of memory safety practices in kernel development, where uninitialized variables can create exploitable conditions that bypass normal security controls and potentially allow unauthorized access to system resources.