CVE-2025-38639

Source
https://cve.org/CVERecord?id=CVE-2025-38639
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38639.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38639
Downstream
Related
Published
2025-08-22T16:00:45.953Z
Modified
2026-03-12T02:18:18.041149Z
Summary
netfilter: xt_nfacct: don't assume acct name is null-terminated
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_nfacct: don't assume acct name is null-terminated

BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721
Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851
[..]
 string+0x231/0x2b0 lib/vsprintf.c:721
 vsnprintf+0x739/0xf00 lib/vsprintf.c:2874
 [..]
 nfacct_mt_checkentry+0xd2/0xe0 net/netfilter/xt_nfacct.c:41
 xt_check_match+0x3d1/0xab0 net/netfilter/x_tables.c:523

nfnl_acct_find_get() handles non-null input, but the error printk relied on its presence.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38639.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ceb98d03eac5704820f2ac1f370c9ff385e3a9f5
Fixed
66d41268ede1e1b6e71ba28be923397ff0b2b9c3
Fixed
e021a1eee196887536a6630c5492c23a4c78d452
Fixed
b10cfa2de13d28ddd03210eb234422b7ec92725a
Fixed
e18939176e657a3a20bfbed357b8c55a9f82aba3
Fixed
58004aa21e79addaf41667bfe65e93ec51653f18
Fixed
7c1ae471da69c09242834e956218ea6a42dd405a
Fixed
58007fc7b94fb2702000045ff401eb7f5bde7828
Fixed
df13c9c6ce1d55c31d1bd49db65a7fbbd86aab13
Fixed
bf58e667af7d96c8eb9411f926a0a0955f41ce21

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38639.json"