CVE-2025-38162

Source
https://cve.org/CVERecord?id=CVE-2025-38162
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38162.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38162
Downstream
Related
Published
2025-07-03T08:36:03.731Z
Modified
2026-06-18T03:54:50.240572141Z
Summary
netfilter: nft_set_pipapo: prevent overflow in lookup table allocation
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nftsetpipapo: prevent overflow in lookup table allocation

When calculating the lookup table size, ensure the following multiplication does not overflow:

  • desc->fieldlen[] maximum value is U8MAX multiplied by NFTPIPAPOGROUPSPERBYTE(f) that can be 2, worst case.
  • NFTPIPAPOBUCKETS(f->bb) is 2^8, worst case.
  • sizeof(unsigned long), from sizeof(*f->lt), lt in struct nftpipapofield.

Then, use checkmuloverflow() to multiply by bucket size and then use checkaddoverflow() to the alignment for avx2 (if needed). Finally, add ltsizecheck_overflow() helper and use it to consolidate this.

While at it, replace leftover allocation using the GFPKERNEL to GFPKERNELACCOUNT for consistency, in pipaporesize().

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38162.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3c4287f62044a90e73a561aa05fc46e62da173da
Fixed
91edc076439c9e2f34b176149f1c84a47a8ec32f
Fixed
a9e757473561da93c6a4136f0e59aba91ec777fc
Fixed
c1360ac8156c0a3f2385baef91d8d26fd9d39701
Fixed
43fe1181f738295624696ae9ff611790edb65b5e
Fixed
4c5c6aa9967dbe55bd017bb509885928d0f31206

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38162.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.6.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.125
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.34
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38162.json"