In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftsetpipapo: prevent overflow in lookup table allocation
When calculating the lookup table size, ensure the following multiplication does not overflow:
Then, use checkmuloverflow() to multiply by bucket size and then use checkaddoverflow() to the alignment for avx2 (if needed). Finally, add ltsizecheck_overflow() helper and use it to consolidate this.
While at it, replace leftover allocation using the GFPKERNEL to GFPKERNELACCOUNT for consistency, in pipaporesize().