VYPR
Medium severity5.5NVD Advisory· Published Mar 6, 2025· Updated May 12, 2026

CVE-2025-21826

CVE-2025-21826

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: reject mismatching sum of field_len with set key length

The field length description provides the length of each separated key field in the concatenation, each field gets rounded up to 32-bits to calculate the pipapo rule width from pipapo_init(). The set key length provides the total size of the key aligned to 32-bits.

Register-based arithmetics still allows for combining mismatching set key length and field length description, eg. set key length 10 and field description [ 5, 4 ] leading to pipapo width of 12.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

79

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.