Linux Kernel Netfilter Overflow Vulnerability in Nft_Set_Pipapo Lookup Table Allocation

Vulnerability

A vulnerability in the Linux kernel's netfilter component has been addressed. This issue involved the nft_set_pipapo feature, where improper calculations could lead to overflow during lookup table allocation. The vulnerability arose because the maximum value of the field length could be multiplied in a way that exceeded expected limits, particularly when considering certain worst-case scenarios. The resolution ensures that such multiplications are checked for overflow before being used to allocate memory, preventing potential exploitation.

Impact

Exploitation of this vulnerability could lead to memory allocation errors, allowing for possible overflow conditions that could be exploited.

Added: Jul 3, 2025, 9:37 AM

Updated: Jul 3, 2025, 9:37 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Netfilter Overflow Vulnerability in Nft_Set_Pipapo Lookup Table Allocation

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating