CVE-2025-21826
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-21826
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21826.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21826
- Downstream
- Related
- Published
- 2025-03-06T16:04:32.274Z
- Modified
- 2025-11-28T02:35:51.553882Z
- Summary
- netfilter: nf_tables: reject mismatching sum of field_len with set key length
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: reject mismatching sum of fieldlen with set key length
The field length description provides the length of each separated key field in the concatenation, each field gets rounded up to 32-bits to calculate the pipapo rule width from pipapo_init(). The set key length provides the total size of the key aligned to 32-bits.
Register-based arithmetics still allows for combining mismatching set key length and field length description, eg. set key length 10 and field description [ 5, 4 ] leading to pipapo width of 12.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21826.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1b9335a8000fb70742f7db10af314104b6ace220
- https://git.kernel.org/stable/c/2ac254343d3cf228ae0738b2615fedf85d000752
- https://git.kernel.org/stable/c/49b7182b97bafbd5645414aff054b4a65d05823d
- https://git.kernel.org/stable/c/5083a7ae45003456c253e981b30a43f71230b4a3
- https://git.kernel.org/stable/c/6b467c8feac759f4c5c86d708beca2aa2b29584f
- https://git.kernel.org/stable/c/82e491e085719068179ff6a5466b7387cc4bbf32
- https://git.kernel.org/stable/c/ab50d0eff4a939d20c37721fd9766347efcdb6f6
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21826.json
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-21826
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2d4c0798a1ef8db15b3277697ac2def4eda42312Fixed6b467c8feac759f4c5c86d708beca2aa2b29584f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced77be8c495a3f841e88b46508cc20d3d7d3289da3Fixed5083a7ae45003456c253e981b30a43f71230b4a3
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9cb084df01e198119de477ac691d682fb01e80f3Fixed2ac254343d3cf228ae0738b2615fedf85d000752
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddc45bb00e66a33de1abb29e3d587880e1d4d9a7eFixed82e491e085719068179ff6a5466b7387cc4bbf32
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3ce67e3793f48c1b9635beb9bb71116ca1e51b58Fixed49b7182b97bafbd5645414aff054b4a65d05823dFixedab50d0eff4a939d20c37721fd9766347efcdb6f6Fixed1b9335a8000fb70742f7db10af314104b6ace220
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedff67e3e488090908dc015ba04d7407d8bd467f7e
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.235
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.179
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.129
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.76
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.13
- Type
- ECOSYSTEM
- Events
-
Introduced6.8.0Fixed6.13.2