CVE-2025-38162

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation When calculating the lookup table size, ensure the following multiplication does not overflow: - desc->field_len[] maximum value is U8_MAX multiplied by NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case. - NFT_PIPAPO_BUCKETS(f->bb) is 2^8, worst case. - sizeof(unsigned long), from sizeof(*f->lt), lt in struct nft_pipapo_field. Then, use check_mul_overflow() to multiply by bucket size and then use check_add_overflow() to the alignment for avx2 (if needed). Finally, add lt_size_check_overflow() helper and use it to consolidate this. While at it, replace leftover allocation using the GFP_KERNEL to GFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().

Reserved 2025-04-16 | Published 2025-07-03 | Updated 2025-07-03 | Assigner Linux

Product status

Default status
unaffected

3c4287f62044a90e73a561aa05fc46e62da173da before c1360ac8156c0a3f2385baef91d8d26fd9d39701
affected

3c4287f62044a90e73a561aa05fc46e62da173da before 43fe1181f738295624696ae9ff611790edb65b5e
affected

3c4287f62044a90e73a561aa05fc46e62da173da before 4c5c6aa9967dbe55bd017bb509885928d0f31206
affected

Default status
affected

5.6
affected

Any version before 5.6
unaffected

6.12.34
unaffected

6.15.3
unaffected

6.16-rc1
unaffected

References

git.kernel.org/...c/c1360ac8156c0a3f2385baef91d8d26fd9d39701

git.kernel.org/...c/43fe1181f738295624696ae9ff611790edb65b5e

git.kernel.org/...c/4c5c6aa9967dbe55bd017bb509885928d0f31206

cve.org (CVE-2025-38162)

nvd.nist.gov (CVE-2025-38162)

Download JSON