CVE-2025-21826

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject mismatching sum of field_len with set key length The field length description provides the length of each separated key field in the concatenation, each field gets rounded up to 32-bits to calculate the pipapo rule width from pipapo_init(). The set key length provides the total size of the key aligned to 32-bits. Register-based arithmetics still allows for combining mismatching set key length and field length description, eg. set key length 10 and field description [ 5, 4 ] leading to pipapo width of 12.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1b9335a8000fb70742f7db10af314104b6ace220	Patch
https://git.kernel.org/stable/c/2ac254343d3cf228ae0738b2615fedf85d000752	Patch
https://git.kernel.org/stable/c/49b7182b97bafbd5645414aff054b4a65d05823d	Patch
https://git.kernel.org/stable/c/5083a7ae45003456c253e981b30a43f71230b4a3	Patch
https://git.kernel.org/stable/c/6b467c8feac759f4c5c86d708beca2aa2b29584f	Patch
https://git.kernel.org/stable/c/82e491e085719068179ff6a5466b7387cc4bbf32	Patch
https://git.kernel.org/stable/c/ab50d0eff4a939d20c37721fd9766347efcdb6f6	Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2025-03-06 16:15

Updated : 2025-11-03 21:19

NVD link : CVE-2025-21826

Mitre link : CVE-2025-21826

CVE.ORG link : CVE-2025-21826

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-21826", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-03-06T16:15:54.863", "references": [{"url": "https://git.kernel.org/stable/c/1b9335a8000fb70742f7db10af314104b6ace220", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2ac254343d3cf228ae0738b2615fedf85d000752", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/49b7182b97bafbd5645414aff054b4a65d05823d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5083a7ae45003456c253e981b30a43f71230b4a3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6b467c8feac759f4c5c86d708beca2aa2b29584f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/82e491e085719068179ff6a5466b7387cc4bbf32", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ab50d0eff4a939d20c37721fd9766347efcdb6f6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject mismatching sum of field_len with set key length\n\nThe field length description provides the length of each separated key\nfield in the concatenation, each field gets rounded up to 32-bits to\ncalculate the pipapo rule width from pipapo_init(). The set key length\nprovides the total size of the key aligned to 32-bits.\n\nRegister-based arithmetics still allows for combining mismatching set\nkey length and field length description, eg. set key length 10 and field\ndescription [ 5, 4 ] leading to pipapo width of 12."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: rechaza la suma no coincidente de field_len con la longitud de la clave establecida La descripci\u00f3n de la longitud del campo proporciona la longitud de cada campo de clave separado en la concatenaci\u00f3n, cada campo se redondea a 32 bits para calcular el ancho de la regla pipapo desde pipapo_init(). La longitud de la clave establecida proporciona el tama\u00f1o total de la clave alineada a 32 bits. La aritm\u00e9tica basada en registros a\u00fan permite combinar la longitud de la clave establecida y la descripci\u00f3n de la longitud del campo no coincidentes, p. ej., la longitud de la clave establecida 10 y la descripci\u00f3n del campo [ 5, 4 ], lo que lleva a un ancho de pipapo de 12."}], "lastModified": "2025-11-03T21:19:13.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEED5193-853E-4E5D-AA62-A0AFC1D0F7BF", "versionEndExcluding": "5.10.235", "versionStartIncluding": "5.10.209"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0752DD8C-9CDA-4643-961C-F270429E1783", "versionEndExcluding": "5.15.179", "versionStartIncluding": "5.15.148"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76D27B0C-A7F0-4A0A-8A22-DC959D5AE7B3", "versionEndExcluding": "6.1.129", "versionStartIncluding": "6.1.75"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6FF9F73-55C5-4A3D-9163-1BD9425AD424", "versionEndExcluding": "6.6.76", "versionStartIncluding": "6.6.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6E77346-E77B-410B-9535-E9CCBE7C4E8D", "versionEndExcluding": "6.12.13", "versionStartIncluding": "6.7.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D4116B1-1BFD-4F23-BA84-169CC05FC5A3", "versionEndExcluding": "6.13.2", "versionStartIncluding": "6.13"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}