CVE-2025-21826
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-21826
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21826.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21826
- Downstream
- Related
- Published
- 2025-03-06T16:15:54Z
- Modified
- 2025-08-09T20:01:25Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: reject mismatching sum of fieldlen with set key length
The field length description provides the length of each separated key field in the concatenation, each field gets rounded up to 32-bits to calculate the pipapo rule width from pipapo_init(). The set key length provides the total size of the key aligned to 32-bits.
Register-based arithmetics still allows for combining mismatching set key length and field length description, eg. set key length 10 and field description [ 5, 4 ] leading to pipapo width of 12.
- References
-
- https://git.kernel.org/stable/c/1b9335a8000fb70742f7db10af314104b6ace220
- https://git.kernel.org/stable/c/2ac254343d3cf228ae0738b2615fedf85d000752
- https://git.kernel.org/stable/c/49b7182b97bafbd5645414aff054b4a65d05823d
- https://git.kernel.org/stable/c/5083a7ae45003456c253e981b30a43f71230b4a3
- https://git.kernel.org/stable/c/6b467c8feac759f4c5c86d708beca2aa2b29584f
- https://git.kernel.org/stable/c/82e491e085719068179ff6a5466b7387cc4bbf32
- https://git.kernel.org/stable/c/ab50d0eff4a939d20c37721fd9766347efcdb6f6