CVE-2025-38162 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation When calculating the lookup table size, ensure the following multiplication does not overflow: - desc->field_len[] maximum value is U8_MAX multiplied by NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case. - NFT_PIPAPO_BUCKETS(f->bb) is 2^8, worst case. - sizeof(unsigned long), from sizeof(*f->lt), lt in struct nft_pipapo_field. Then, use check_mul_overflow() to multiply by bucket size and then use check_add_overflow() to the alignment for avx2 (if needed). Finally, add lt_size_check_overflow() helper and use it to consolidate this. While at it, replace leftover allocation using the GFP_KERNEL to GFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().

PUBLISHED Reserved 2025-04-16 | Published 2025-07-03 | Updated 2026-05-11 | Assigner Linux

Product status

Default status

unaffected

3c4287f62044a90e73a561aa05fc46e62da173da (git) before 91edc076439c9e2f34b176149f1c84a47a8ec32f

affected

3c4287f62044a90e73a561aa05fc46e62da173da (git) before a9e757473561da93c6a4136f0e59aba91ec777fc

affected

3c4287f62044a90e73a561aa05fc46e62da173da (git) before c1360ac8156c0a3f2385baef91d8d26fd9d39701

affected

3c4287f62044a90e73a561aa05fc46e62da173da (git) before 43fe1181f738295624696ae9ff611790edb65b5e

affected

3c4287f62044a90e73a561aa05fc46e62da173da (git) before 4c5c6aa9967dbe55bd017bb509885928d0f31206

affected

Default status

affected

5.6

affected

Any version before 5.6

unaffected

6.1.167 (semver)

unaffected

6.6.125 (semver)

unaffected

6.12.34 (semver)

unaffected

6.15.3 (semver)

unaffected

6.16 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/91edc076439c9e2f34b176149f1c84a47a8ec32f

git.kernel.org/...c/a9e757473561da93c6a4136f0e59aba91ec777fc

git.kernel.org/...c/c1360ac8156c0a3f2385baef91d8d26fd9d39701

git.kernel.org/...c/43fe1181f738295624696ae9ff611790edb65b5e

git.kernel.org/...c/4c5c6aa9967dbe55bd017bb509885928d0f31206

cve.org (CVE-2025-38162)

nvd.nist.gov (CVE-2025-38162)

Download JSON

help @ threatint.eu