CVE-2025-21826

netfilter: nf_tables: reject mismatching sum of field_len with set key length

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject mismatching sum of field_len with set key length The field length description provides the length of each separated key
field in the concatenation, each field gets rounded up to 32-bits to
calculate the pipapo rule width from pipapo_init(). The set key length
provides the total size of the key aligned to 32-bits. Register-based arithmetics still allows for combining mismatching set
key length and field length description, eg. set key length 10 and field
description [ 5, 4 ] leading to pipapo width of 12.

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject mismatching sum of field_len with set key length The field length description provides the length of each separated key field in the concatenation, each field gets rounded up to 32-bits to calculate the pipapo rule width from pipapo_init(). The set key length provides the total size of the key aligned to 32-bits. Register-based arithmetics still allows for combining mismatching set key length and field length description, eg. set key length 10 and field description [ 5, 4 ] leading to pipapo width of 12.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-29 CVE Reserved
2025-03-06 CVE Published
2025-03-06 CVE Updated
2025-03-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/9cb084df01e198119de477ac691d682fb01e80f3	Vuln. Introduced
https://git.kernel.org/stable/c/dc45bb00e66a33de1abb29e3d587880e1d4d9a7e	Vuln. Introduced
https://git.kernel.org/stable/c/3ce67e3793f48c1b9635beb9bb71116ca1e51b58	Vuln. Introduced
https://git.kernel.org/stable/c/2d4c0798a1ef8db15b3277697ac2def4eda42312	Vuln. Introduced
https://git.kernel.org/stable/c/77be8c495a3f841e88b46508cc20d3d7d3289da3	Vuln. Introduced
https://git.kernel.org/stable/c/ff67e3e488090908dc015ba04d7407d8bd467f7e	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/2ac254343d3cf228ae0738b2615fedf85d000752	2025-02-21
https://git.kernel.org/stable/c/82e491e085719068179ff6a5466b7387cc4bbf32	2025-02-08
https://git.kernel.org/stable/c/49b7182b97bafbd5645414aff054b4a65d05823d	2025-02-08
https://git.kernel.org/stable/c/ab50d0eff4a939d20c37721fd9766347efcdb6f6	2025-02-08
https://git.kernel.org/stable/c/1b9335a8000fb70742f7db10af314104b6ace220	2025-01-30

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.75 < 6.1.129 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.75 < 6.1.129"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.14 < 6.6.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.14 < 6.6.76"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.12.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.12.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.13.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.13.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8 < 6.14-rc1 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.14-rc1"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.10.209 Search vendor "Linux" for product "Linux Kernel" and version "5.10.209"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.15.148 Search vendor "Linux" for product "Linux Kernel" and version "5.15.148"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.7.2 Search vendor "Linux" for product "Linux Kernel" and version "6.7.2"		en		Affected