Message-ID: <2025030630-CVE-2025-21826-c263@gregkh>
Date: Thu,  6 Mar 2025 17:04:31 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2025-21826: netfilter: nf_tables: reject mismatching sum of field_len with set key length

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: reject mismatching sum of field_len with set key length

The field length description provides the length of each separated key
field in the concatenation, each field gets rounded up to 32-bits to
calculate the pipapo rule width from pipapo_init(). The set key length
provides the total size of the key aligned to 32-bits.

Register-based arithmetic still allows for combining mismatching set
key length and field length description, e.g. set key length 10 and field
description [ 5, 4 ] leading to pipapo width of 12.

The Linux kernel CVE team has assigned CVE-2025-21826 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 6.1.75 with commit 9cb084df01e198119de477ac691d682fb01e80f3 and fixed in 6.1.129 with commit 2ac254343d3cf228ae0738b2615fedf85d000752
	Issue introduced in 6.6.14 with commit dc45bb00e66a33de1abb29e3d587880e1d4d9a7e and fixed in 6.6.76 with commit 82e491e085719068179ff6a5466b7387cc4bbf32
	Issue introduced in 6.8 with commit 3ce67e3793f48c1b9635beb9bb71116ca1e51b58 and fixed in 6.12.13 with commit 49b7182b97bafbd5645414aff054b4a65d05823d
	Issue introduced in 6.8 with commit 3ce67e3793f48c1b9635beb9bb71116ca1e51b58 and fixed in 6.13.2 with commit ab50d0eff4a939d20c37721fd9766347efcdb6f6
	Issue introduced in 6.8 with commit 3ce67e3793f48c1b9635beb9bb71116ca1e51b58 and fixed in 6.14-rc1 with commit 1b9335a8000fb70742f7db10af314104b6ace220
	Issue introduced in 5.10.209 with commit 2d4c0798a1ef8db15b3277697ac2def4eda42312
	Issue introduced in 5.15.148 with commit 77be8c495a3f841e88b46508cc20d3d7d3289da3
	Issue introduced in 6.7.2 with commit ff67e3e488090908dc015ba04d7407d8bd467f7e

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-21826
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/netfilter/nf_tables_api.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/2ac254343d3cf228ae0738b2615fedf85d000752
	https://git.kernel.org/stable/c/82e491e085719068179ff6a5466b7387cc4bbf32
	https://git.kernel.org/stable/c/49b7182b97bafbd5645414aff054b4a65d05823d
	https://git.kernel.org/stable/c/ab50d0eff4a939d20c37721fd9766347efcdb6f6
	https://git.kernel.org/stable/c/1b9335a8000fb70742f7db10af314104b6ace220
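
The arithmetic in the description, as an added user-space illustration (not the kernel patch and not part of the announcement): each field length is rounded up to 32 bits and summed, and the result is compared with the set key length. The names `concat_width` and `check_set_desc`, and the rule that the rounded sum must equal the key length exactly, are assumptions taken from the description above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REG_BYTES 4u /* 32-bit rounding granularity named in the description */

/* Width implied by the field description: every field is rounded up to a
 * multiple of 32 bits before the lengths are added together. */
static uint32_t concat_width(const uint8_t *field_len, size_t count)
{
    uint32_t width = 0;

    for (size_t i = 0; i < count; i++)
        width += (field_len[i] + REG_BYTES - 1) / REG_BYTES * REG_BYTES;
    return width;
}

/* Hypothetical consistency check: 0 if the declared key length matches the
 * width implied by the fields, -1 if the two disagree and the set
 * description should be rejected. */
static int check_set_desc(uint32_t key_len, const uint8_t *field_len,
                          size_t count)
{
    return concat_width(field_len, count) == key_len ? 0 : -1;
}

int main(void)
{
    const uint8_t fields[] = { 5, 4 };       /* example from the description */
    const uint32_t key_lens[] = { 10, 12 };  /* 10 from the text; 12 constructed */

    for (size_t i = 0; i < 2; i++)
        printf("key_len=%u fields=[5,4] width=%u -> %s\n",
               (unsigned)key_lens[i], (unsigned)concat_width(fields, 2),
               check_set_desc(key_lens[i], fields, 2) ? "reject" : "accept");
    return 0;
}
```

With key length 10 the declared key is 2 bytes shorter than the 12-byte width derived from the fields, which is the mismatch the fix rejects.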
