{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-21826", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.775Z", "datePublished": "2025-03-06T16:04:32.274Z", "dateUpdated": "2026-05-12T12:03:59.800Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:07:16.254Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject mismatching sum of field_len with set key length\n\nThe field length description provides the length of each separated key\nfield in the concatenation, each field gets rounded up to 32-bits to\ncalculate the pipapo rule width from pipapo_init(). The set key length\nprovides the total size of the key aligned to 32-bits.\n\nRegister-based arithmetics still allows for combining mismatching set\nkey length and field length description, eg. set key length 10 and field\ndescription [ 5, 4 ] leading to pipapo width of 12."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "2d4c0798a1ef8db15b3277697ac2def4eda42312", "lessThan": "6b467c8feac759f4c5c86d708beca2aa2b29584f", "status": "affected", "versionType": "git"}, {"version": "77be8c495a3f841e88b46508cc20d3d7d3289da3", "lessThan": "5083a7ae45003456c253e981b30a43f71230b4a3", "status": "affected", "versionType": "git"}, {"version": "9cb084df01e198119de477ac691d682fb01e80f3", "lessThan": "2ac254343d3cf228ae0738b2615fedf85d000752", "status": "affected", "versionType": "git"}, {"version": "dc45bb00e66a33de1abb29e3d587880e1d4d9a7e", "lessThan": "82e491e085719068179ff6a5466b7387cc4bbf32", "status": "affected", "versionType": "git"}, {"version": "3ce67e3793f48c1b9635beb9bb71116ca1e51b58", "lessThan": "49b7182b97bafbd5645414aff054b4a65d05823d", "status": "affected", "versionType": "git"}, {"version": "3ce67e3793f48c1b9635beb9bb71116ca1e51b58", "lessThan": "ab50d0eff4a939d20c37721fd9766347efcdb6f6", "status": "affected", "versionType": "git"}, {"version": "3ce67e3793f48c1b9635beb9bb71116ca1e51b58", "lessThan": "1b9335a8000fb70742f7db10af314104b6ace220", "status": "affected", "versionType": "git"}, {"version": "ff67e3e488090908dc015ba04d7407d8bd467f7e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.235", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.179", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.129", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.76", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.13", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.2", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.209", "versionEndExcluding": "5.10.235"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.148", "versionEndExcluding": "5.15.179"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.75", "versionEndExcluding": "6.1.129"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.14", "versionEndExcluding": "6.6.76"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.12.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.13.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6b467c8feac759f4c5c86d708beca2aa2b29584f"}, {"url": "https://git.kernel.org/stable/c/5083a7ae45003456c253e981b30a43f71230b4a3"}, {"url": "https://git.kernel.org/stable/c/2ac254343d3cf228ae0738b2615fedf85d000752"}, {"url": "https://git.kernel.org/stable/c/82e491e085719068179ff6a5466b7387cc4bbf32"}, {"url": "https://git.kernel.org/stable/c/49b7182b97bafbd5645414aff054b4a65d05823d"}, {"url": "https://git.kernel.org/stable/c/ab50d0eff4a939d20c37721fd9766347efcdb6f6"}, {"url": "https://git.kernel.org/stable/c/1b9335a8000fb70742f7db10af314104b6ace220"}], "title": "netfilter: nf_tables: reject mismatching sum of field_len with set key length", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:59:57.565Z"}}, {"x_adpType": "supplier", "providerMetadata": {"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "shortName": "siemens-SADP", "dateUpdated": "2026-05-12T12:03:59.800Z"}, "affected": [{"vendor": "Siemens", "product": "SIMATIC S7-1500 TM MFP - BIOS", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-503939.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEED5193-853E-4E5D-AA62-A0AFC1D0F7BF", "versionEndExcluding": "5.10.235", "versionStartIncluding": "5.10.209", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0752DD8C-9CDA-4643-961C-F270429E1783", "versionEndExcluding": "5.15.179", "versionStartIncluding": "5.15.148", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "76D27B0C-A7F0-4A0A-8A22-DC959D5AE7B3", "versionEndExcluding": "6.1.129", "versionStartIncluding": "6.1.75", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6FF9F73-55C5-4A3D-9163-1BD9425AD424", "versionEndExcluding": "6.6.76", "versionStartIncluding": "6.6.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6E77346-E77B-410B-9535-E9CCBE7C4E8D", "versionEndExcluding": "6.12.13", "versionStartIncluding": "6.7.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D4116B1-1BFD-4F23-BA84-169CC05FC5A3", "versionEndExcluding": "6.13.2", "versionStartIncluding": "6.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject mismatching sum of field_len with set key length\n\nThe field length description provides the length of each separated key\nfield in the concatenation, each field gets rounded up to 32-bits to\ncalculate the pipapo rule width from pipapo_init(). The set key length\nprovides the total size of the key aligned to 32-bits.\n\nRegister-based arithmetics still allows for combining mismatching set\nkey length and field length description, eg. set key length 10 and field\ndescription [ 5, 4 ] leading to pipapo width of 12."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: rechaza la suma no coincidente de field_len con la longitud de la clave establecida La descripci\u00f3n de la longitud del campo proporciona la longitud de cada campo de clave separado en la concatenaci\u00f3n, cada campo se redondea a 32 bits para calcular el ancho de la regla pipapo desde pipapo_init(). La longitud de la clave establecida proporciona el tama\u00f1o total de la clave alineada a 32 bits. La aritm\u00e9tica basada en registros a\u00fan permite combinar la longitud de la clave establecida y la descripci\u00f3n de la longitud del campo no coincidentes, p. ej., la longitud de la clave establecida 10 y la descripci\u00f3n del campo [ 5, 4 ], lo que lleva a un ancho de pipapo de 12."}], "id": "CVE-2025-21826", "lastModified": "2026-05-12T13:16:37.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-06T16:15:54.863", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1b9335a8000fb70742f7db10af314104b6ace220"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2ac254343d3cf228ae0738b2615fedf85d000752"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/49b7182b97bafbd5645414aff054b4a65d05823d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5083a7ae45003456c253e981b30a43f71230b4a3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6b467c8feac759f4c5c86d708beca2aa2b29584f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/82e491e085719068179ff6a5466b7387cc4bbf32"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ab50d0eff4a939d20c37721fd9766347efcdb6f6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"}, {"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}, {"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "url": "https://cert-portal.siemens.com/productcert/html/ssa-503939.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length", "id": "2350392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350392"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "CWE-682", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nf_tables: reject mismatching sum of field_len with set key length\nThe field length description provides the length of each separated key\nfield in the concatenation, each field gets rounded up to 32-bits to\ncalculate the pipapo rule width from pipapo_init(). The set key length\nprovides the total size of the key aligned to 32-bits.\nRegister-based arithmetics still allows for combining mismatching set\nkey length and field length description, eg. set key length 10 and field\ndescription [ 5, 4 ] leading to pipapo width of 12."], "name": "CVE-2025-21826", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-21826\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21826\nhttps://lore.kernel.org/linux-cve-announce/2025030630-CVE-2025-21826-c263@gregkh/T"], "threat_severity": "Moderate"}

{}