VYPR
Unrated severityNVD Advisory· Published Jul 3, 2025· Updated Dec 6, 2025

netfilter: nf_set_pipapo_avx2: fix initial map fill

CVE-2025-38120

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_set_pipapo_avx2: fix initial map fill

If the first field doesn't cover the entire start map, then we must zero out the remainder, else we leak those bits into the next match round map.

The early fix was incomplete and did only fix up the generic C implementation.

A followup patch adds a test case to nft_concat_range.sh.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

227

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.