{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-21826","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.775Z","datePublished":"2025-03-06T16:04:32.274Z","dateUpdated":"2026-05-12T12:03:59.800Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:07:16.254Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject mismatching sum of field_len with set key length\n\nThe field length description provides the length of each separated key\nfield in the concatenation, each field gets rounded up to 32-bits to\ncalculate the pipapo rule width from pipapo_init(). The set key length\nprovides the total size of the key aligned to 32-bits.\n\nRegister-based arithmetics still allows for combining mismatching set\nkey length and field length description, eg. set key length 10 and field\ndescription [ 5, 4 ] leading to pipapo width of 12."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nf_tables_api.c"],"versions":[{"version":"2d4c0798a1ef8db15b3277697ac2def4eda42312","lessThan":"6b467c8feac759f4c5c86d708beca2aa2b29584f","status":"affected","versionType":"git"},{"version":"77be8c495a3f841e88b46508cc20d3d7d3289da3","lessThan":"5083a7ae45003456c253e981b30a43f71230b4a3","status":"affected","versionType":"git"},{"version":"9cb084df01e198119de477ac691d682fb01e80f3","lessThan":"2ac254343d3cf228ae0738b2615fedf85d000752","status":"affected","versionType":"git"},{"version":"dc45bb00e66a33de1abb29e3d587880e1d4d9a7e","lessThan":"82e491e085719068179ff6a5466b7387cc4bbf32","status":"affected","versionType":"git"},{"version":"3ce67e3793f48c1b9635beb9bb71116ca1e51b58","lessThan":"49b7182b97bafbd5645414aff054b4a65d05823d","status":"affected","versionType":"git"},{"version":"3ce67e3793f48c1b9635beb9bb71116ca1e51b58","lessThan":"ab50d0eff4a939d20c37721fd9766347efcdb6f6","status":"affected","versionType":"git"},{"version":"3ce67e3793f48c1b9635beb9bb71116ca1e51b58","lessThan":"1b9335a8000fb70742f7db10af314104b6ace220","status":"affected","versionType":"git"},{"version":"ff67e3e488090908dc015ba04d7407d8bd467f7e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nf_tables_api.c"],"versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","status":"unaffected","versionType":"semver"},{"version":"5.10.235","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.179","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.129","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.76","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.13","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13.2","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.209","versionEndExcluding":"5.10.235"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.148","versionEndExcluding":"5.15.179"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.75","versionEndExcluding":"6.1.129"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.14","versionEndExcluding":"6.6.76"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.12.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.13.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6b467c8feac759f4c5c86d708beca2aa2b29584f"},{"url":"https://git.kernel.org/stable/c/5083a7ae45003456c253e981b30a43f71230b4a3"},{"url":"https://git.kernel.org/stable/c/2ac254343d3cf228ae0738b2615fedf85d000752"},{"url":"https://git.kernel.org/stable/c/82e491e085719068179ff6a5466b7387cc4bbf32"},{"url":"https://git.kernel.org/stable/c/49b7182b97bafbd5645414aff054b4a65d05823d"},{"url":"https://git.kernel.org/stable/c/ab50d0eff4a939d20c37721fd9766347efcdb6f6"},{"url":"https://git.kernel.org/stable/c/1b9335a8000fb70742f7db10af314104b6ace220"}],"title":"netfilter: nf_tables: reject mismatching sum of field_len with set key length","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T20:59:57.565Z"}},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T12:03:59.800Z"},"affected":[{"vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - BIOS","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-503939.html"}]}]}}