Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2025-38201

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX

Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset.

Similar to:

b541ba7d1f5a ("netfilter: conntrack: clamp maximum hashtable size to INT_MAX")

  • Published: Jul 4, 2025
  • Updated: Nov 19, 2025
  • CVE: CVE-2025-38201
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Software From Fixed in
linux / linux_kernel 5.6 6.12.35
linux / linux_kernel 6.13 6.15.4