CVE-2025-38162

MEDIUM EPSS 3.6%
Published Jul 3, 202512mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 3, 2025 12mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation When calculating the lookup table size, ensure the following multiplication does not overflow: - desc->field_len[] maximum value is U8_MAX multiplied by NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case. - NFT_PIPAPO_BUCKETS(f->bb) is 2^8, worst case. - sizeof(unsigned long), from sizeof(*f->lt), lt in struct nft_pipapo_field. Then, use check_mul_overflow() to multiply by bucket size and then use check_add_overflow() to the alignment for avx2 (if needed). Finally, add lt_size_check_overflow() helper and use it to consolidate this. While at it, replace leftover allocation using the GFP_KERNEL to GFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
3.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 2

VendorProductVersionRange
linuxlinux_kernel*≥5.6  –  <6.12.34
linuxlinux_kernel*≥6.13  –  <6.15.3

References 5

  • git.kernel.org https://git.kernel.org/stable/c/43fe1181f738295624696ae9ff611790edb65b5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4c5c6aa9967dbe55bd017bb509885928d0f31206
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/91edc076439c9e2f34b176149f1c84a47a8ec32f
  • git.kernel.org https://git.kernel.org/stable/c/a9e757473561da93c6a4136f0e59aba91ec777fc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c1360ac8156c0a3f2385baef91d8d26fd9d39701
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/43fe1181f738295624696ae9ff611790edb65b5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4c5c6aa9967dbe55bd017bb509885928d0f31206
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a9e757473561da93c6a4136f0e59aba91ec777fc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c1360ac8156c0a3f2385baef91d8d26fd9d39701
    Patch