CVE-2025-38162

EPSS 0.03%
Veröffentlicht 03.07.2025 08:36:03
Zuletzt bearbeitet 03.07.2025 15:13:53
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: prevent overflow in lookup table allocation

When calculating the lookup table size, ensure the following
multiplication does not overflow:

- desc->field_len[] maximum value is U8_MAX multiplied by
  NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case.
- NFT_PIPAPO_BUCKETS(f->bb) is 2^8, worst case.
- sizeof(unsigned long), from sizeof(*f->lt), lt in
  struct nft_pipapo_field.

Then, use check_mul_overflow() to multiply by bucket size and then use
check_add_overflow() to the alignment for avx2 (if needed). Finally, add
lt_size_check_overflow() helper and use it to consolidate this.

While at it, replace leftover allocation using the GFP_KERNEL to
GFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < c1360ac8156c0a3f2385baef91d8d26fd9d39701

Version 3c4287f62044a90e73a561aa05fc46e62da173da

Status affected

Version < 43fe1181f738295624696ae9ff611790edb65b5e

Version 3c4287f62044a90e73a561aa05fc46e62da173da

Status affected

Version < 4c5c6aa9967dbe55bd017bb509885928d0f31206

Version 3c4287f62044a90e73a561aa05fc46e62da173da

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.6

Status affected

Version < 5.6

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.34

Status unaffected

Version <= 6.15.*

Version 6.15.3

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.052

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/c1360ac8156c0a3f2385baef91d8d26fd9d39701

https://git.kernel.org/stable/c/43fe1181f738295624696ae9ff611790edb65b5e

https://git.kernel.org/stable/c/4c5c6aa9967dbe55bd017bb509885928d0f31206

https://nvd.nist.gov/vuln/detail/CVE-2025-38162

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38162

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38162

EUVD