CVE-2025-38639

Aug. 22, 2025, 6:08 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_nfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 [..] string+0x231/0x2b0 lib/vsprintf.c:721 vsnprintf+0x739/0xf00 lib/vsprintf.c:2874 [..] nfacct_mt_checkentry+0xd2/0xe0 net/netfilter/xt_nfacct.c:41 xt_check_match+0x3d1/0xab0 net/netfilter/x_tables.c:523 nfnl_acct_find_get() handles non-null input, but the error printk relied on its presence.

Product(s) Impacted

Vendor Product Versions
Linux
  • Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux kernel / / / / / / / /

References

https://git.kernel.org/stable/c/58004aa21e79addaf41667bfe65e93ec51653f18
https://git.kernel.org/stable/c/58007fc7b94fb2702000045ff401eb7f5bde7828
https://git.kernel.org/stable/c/7c1ae471da69c09242834e956218ea6a42dd405a
https://git.kernel.org/stable/c/bf58e667af7d96c8eb9411f926a0a0955f41ce21
https://git.kernel.org/stable/c/df13c9c6ce1d55c31d1bd49db65a7fbbd86aab13
https://git.kernel.org/stable/c/e18939176e657a3a20bfbed357b8c55a9f82aba3

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-08-22
CVE-2025-38639

Timeline

Published: Aug. 22, 2025, 4:15 p.m.
Last Modified: Aug. 22, 2025, 6:08 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.