CVE-2025-38201

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-38201

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38201.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38201

Downstream

AZL-70418

BELL-CVE-2025-38201

CLSA-2026-1773045484

CLSA-2026-1773046198

CLSA-2026-1773047921

CLSA-2026-1773048865

CLSA-2026-1773139548

DEBIAN-CVE-2025-38201

DLA-4498-1

DLA-4499-1

DSA-6163-1

ECHO-6330-a7d5-3345

MINI-3m4x-55x5-hh6p

OESA-2025-2120

OESA-2025-2121

OESA-2025-2122

OESA-2025-2800

OESA-2025-2801

ROOT-OS-DEBIAN-11-CVE-2025-38201

ROOT-OS-DEBIAN-12-CVE-2025-38201

ROOT-OS-UBUNTU-2204-CVE-2025-38201

ROOT-OS-UBUNTU-2404-CVE-2025-38201

SUSE-SU-2025:03272-1

SUSE-SU-2025:03290-1

SUSE-SU-2025:03301-1

SUSE-SU-2025:03382-1

SUSE-SU-2025:03602-1

SUSE-SU-2025:03633-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20653-1

SUSE-SU-2025:20669-1

SUSE-SU-2025:20739-1

SUSE-SU-2025:20756-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

UBUNTU-CVE-2025-38201

USN-8278-1

USN-8289-1

USN-8296-1

openSUSE-SU-2025:20081-1

Related

Published

2025-07-04T13:37:22.732Z

Modified

2026-05-28T03:54:56.847268456Z

Summary

netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX

Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nftsetpipapo: clamp maximum map bucket size to INT_MAX

Otherwise, it is possible to hit WARNONONCE in __kvmallocnodenoprof() when resizing hashtable because _GFPNOWARN is unset.

Similar to:

b541ba7d1f5a ("netfilter: conntrack: clamp maximum hashtable size to INT_MAX")

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38201.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3c4287f62044a90e73a561aa05fc46e62da173da

Fixed

1fe27f97944017a9d3c5af4d6d95282bff0f1147

Fixed

4abccfb61f422300be014b8e734c63344306f009

Fixed

80417057ac60dd80f4816eb426e4e4a5bf696534

Fixed

df524a68d9021c1401965d610bb6e42ee5d9611e

Fixed

0ab3de047808f375a36cd345225572eb3366f3c6

Fixed

d2768016f091f8a5264076b433fd7c3fabb6eb97

Fixed

b85e3367a5716ed3662a4fe266525190d2af76df

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38201.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.6.0

Fixed

5.10.250

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.200

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.163

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.124

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.35

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.15.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38201.json"