CVE-2025-38162
Published: Jul 3, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation When calculating the lookup table size, ensure the following multiplication does not overflow: - desc->field_len[] maximum value is U8_MAX multiplied by NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case. - NFT_PIPAPO_BUCKETS(f->bb) is 2^8, worst case. - sizeof(unsigned long), from sizeof(*f->lt), lt in struct nft_pipapo_field. Then, use check_mul_overflow() to multiply by bucket size and then use check_add_overflow() to the alignment for avx2 (if needed). Finally, add lt_size_check_overflow() helper and use it to consolidate this. While at it, replace leftover allocation using the GFP_KERNEL to GFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 3c4287f62044a90e73a561aa05fc46e62da173da - < 91edc076439c9e2f34b176149f1c84a47a8ec32faffected 3c4287f62044a90e73a561aa05fc46e62da173da - < a9e757473561da93c6a4136f0e59aba91ec777fcaffected 3c4287f62044a90e73a561aa05fc46e62da173da - < c1360ac8156c0a3f2385baef91d8d26fd9d39701affected 3c4287f62044a90e73a561aa05fc46e62da173da - < 43fe1181f738295624696ae9ff611790edb65b5eaffected 3c4287f62044a90e73a561aa05fc46e62da173da - < 4c5c6aa9967dbe55bd017bb509885928d0f31206 |
Linux | Linux | affected 5.6unaffected 0 - < 5.6unaffected 6.1.167 - <= 6.1.*unaffected 6.6.125 - <= 6.6.*unaffected 6.12.34 - <= 6.12.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now