CVE-2025-38120

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38120
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38120.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-38120
Downstream
Related
Published
2025-07-03T09:15:26Z
Modified
2025-08-12T21:01:19Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfsetpipapo_avx2: fix initial map fill

If the first field doesn't cover the entire start map, then we must zero out the remainder, else we leak those bits into the next match round map.

The early fix was incomplete and did only fix up the generic C implementation.

A followup patch adds a test case to nftconcatrange.sh.

References

Affected packages