Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-38201

Опубликовано: 04 июл. 2025
Источник: redhat
CVSS3: 4.4
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. Similar to: b541ba7d1f5a ("netfilter: conntrack: clamp maximum hashtable size to INT_MAX")

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10kernelFix deferred
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelFix deferred
Red Hat Enterprise Linux 8kernel-rtFix deferred
Red Hat Enterprise Linux 9kernelFix deferred
Red Hat Enterprise Linux 9kernel-rtFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2376379kernel: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX

EPSS

Процентиль: 1%
0.0001
Низкий

4.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-38201

CVSS3: 7.8
ubuntu
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. Similar to: b541ba7d1f5a ("netfilter: conntrack: clamp maximum hashtable size to INT_MAX")

nvd логотип

CVE-2025-38201

CVSS3: 7.8
nvd
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. Similar to: b541ba7d1f5a ("netfilter: conntrack: clamp maximum hashtable size to INT_MAX")

msrc логотип

CVE-2025-38201

msrc
4 месяца назад

netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX

debian логотип

CVE-2025-38201

CVSS3: 7.8
debian
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: n ...

github логотип

GHSA-hvc5-q4hr-frqx

CVSS3: 7.8
github
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. Similar to: b541ba7d1f5a ("netfilter: conntrack: clamp maximum hashtable size to INT_MAX")

EPSS

Процентиль: 1%
0.0001
Низкий

4.4 Medium

CVSS3

Уязвимость CVE-2025-38201