Back to search
CVE-2025-38120
Published: Jul 3, 2025
Modified: May 23, 2026
PUBLISHED
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: fix initial map fill If the first field doesn't cover the entire start map, then we must zero out the remainder, else we leak those bits into the next match round map. The early fix was incomplete and did only fix up the generic C implementation. A followup patch adds a test case to nft_concat_range.sh.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 77bf0c4ab928ca4c9a99311f4f70ba0c17fecba9 - < 8164d0efaf370c425dc69a1e8216940d09e7de0caffected 957a4d1c4c5849e4515c9fb4db21bf85318103dc - < b5ad58285f9217d68cd5ea2ad86ce254a3fe7c4daffected 9625c46ce6fd4f922595a4b32b1de5066d70464f - < 90bc7f5a244aadee4292b28098b7c98aadd4b3aaaffected 69b6a67f7052905e928d75a0c5871de50e686986 - < 39bab2d3517b5b50c609b4f8c66129bf619fffa0affected 791a615b7ad2258c560f91852be54b0480837c93 - < 251496ce1728c9fd47bd2b20a7b21b20b9a020ca+7 more versions |
Linux | Linux | affected 6.11unaffected 0 - < 6.11unaffected 5.15.186 - <= 5.15.*unaffected 6.1.142 - <= 6.1.*unaffected 6.6.94 - <= 6.6.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now