CVE-2025-21826

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: nf_tables: reject mismatching sum of field_len with set key length<br /> <br /> The field length description provides the length of each separated key<br /> field in the concatenation, each field gets rounded up to 32-bits to<br /> calculate the pipapo rule width from pipapo_init(). The set key length<br /> provides the total size of the key aligned to 32-bits.<br /> <br /> Register-based arithmetics still allows for combining mismatching set<br /> key length and field length description, eg. set key length 10 and field<br /> description [ 5, 4 ] leading to pipapo width of 12.