SB2025070411 - Memory leak in Linux kernel netfilter
Published: July 4, 2025
Security Bulletin ID
SB2025070411
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2025-38120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_pipapo_avx2_estimate() and nft_pipapo_avx2_lookup() functions in net/netfilter/nft_set_pipapo_avx2.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/251496ce1728c9fd47bd2b20a7b21b20b9a020ca
- https://git.kernel.org/stable/c/39bab2d3517b5b50c609b4f8c66129bf619fffa0
- https://git.kernel.org/stable/c/8068e1e42b46518ce680dc6470bcd710efc3fa0a
- https://git.kernel.org/stable/c/90bc7f5a244aadee4292b28098b7c98aadd4b3aa
- https://git.kernel.org/stable/c/b5ad58285f9217d68cd5ea2ad86ce254a3fe7c4d
- https://git.kernel.org/stable/c/ea77c397bff8b6d59f6d83dae1425b08f465e8b5