Buffer Overflow in Linux Kernel's Netfilter Component
CVE-2025-38162

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-38162?

A vulnerability has been identified in the Linux kernel's Netfilter component, which can lead to a buffer overflow during lookup table allocation. It occurs when calculating the size of the lookup table, specifically when the multiplication involved can exceed predefined limits. Proper checks, such as check_mul_overflow() and check_add_overflow(), have now been implemented to ensure that these multiplications and additions do not result in overflow. Additionally, the allocation process has been standardized by replacing GFP_KERNEL with GFP_KERNEL_ACCOUNT, enhancing the consistency of the resizing function in pipapo.

Affected Version(s)

Linux 3c4287f62044a90e73a561aa05fc46e62da173da

Linux 3c4287f62044a90e73a561aa05fc46e62da173da < 43fe1181f738295624696ae9ff611790edb65b5e

Linux 3c4287f62044a90e73a561aa05fc46e62da173da < 4c5c6aa9967dbe55bd017bb509885928d0f31206

References

https://git.kernel.org/stable/c/c1360ac8156c0a3f2385baef9...

https://git.kernel.org/stable/c/43fe1181f738295624696ae9f...

https://git.kernel.org/stable/c/4c5c6aa9967dbe55bd017bb50...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 16, 2025