CVE-2025-38162

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 03/07/2025
Last modified: 16/02/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: prevent overflow in lookup table allocation

When calculating the lookup table size, ensure the following
multiplication does not overflow:

- desc->field_len[] maximum value is U8_MAX multiplied by
  NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case.
- NFT_PIPAPO_BUCKETS(f->bb) is 2^8, worst case.
- sizeof(unsigned long), from sizeof(*f->lt), lt in
  struct nft_pipapo_field.

Then, use check_mul_overflow() to multiply by bucket size and then use
check_add_overflow() to the alignment for avx2 (if needed). Finally, add
lt_size_check_overflow() helper and use it to consolidate this.

While at it, replace leftover allocation using the GFP_KERNEL to
GFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().
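The following is an added example, not the kernel patch: a user-space C sketch of the checked size computation the description outlines, built on the GCC/Clang `__builtin_*_overflow` primitives, next to a constructed 32-bit version that wraps silently. The function names, the 31-byte alignment headroom and the sample bucket size are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Worst-case factors quoted in the description above. */
#define GROUPS_MAX    (UINT8_MAX * 2u) /* U8_MAX field length * 2 groups per byte */
#define BUCKETS_MAX   (1u << 8)        /* 2^8 buckets per group */
#define AVX2_HEADROOM 31u              /* assumed padding for 32-byte alignment */

/* Constructed illustration: the same product in 32-bit arithmetic wraps
 * silently, so the result can be far smaller than the table really needs. */
static uint32_t lt_size_wrapping(uint32_t groups, uint32_t buckets,
                                 uint32_t entry, uint32_t bsize)
{
    return groups * buckets * entry * bsize;
}

/* Hypothetical helper; returns true on overflow, like check_*_overflow(). */
static bool lt_size_overflows(unsigned int groups, unsigned int buckets,
                              size_t entry, size_t bsize, size_t headroom,
                              size_t *lt_size)
{
    size_t n;

    if (groups > GROUPS_MAX || buckets > BUCKETS_MAX)
        return true;
    /* Bounded factors first, then the checked multiply by bucket size
     * and the checked add of the alignment headroom. */
    if (__builtin_mul_overflow((size_t)groups * buckets, entry, &n) ||
        __builtin_mul_overflow(n, bsize, &n) ||
        __builtin_add_overflow(n, headroom, &n))
        return true;
    *lt_size = n;
    return false;
}

int main(void)
{
    size_t sz;
    uint32_t bsize = (1u << 20) + 1; /* constructed bucket size */

    printf("wrapping: %u\n", lt_size_wrapping(GROUPS_MAX, BUCKETS_MAX, 8, bsize));
    if (lt_size_overflows(GROUPS_MAX, BUCKETS_MAX, sizeof(unsigned long),
                          SIZE_MAX / 2, AVX2_HEADROOM, &sz))
        puts("checked: overflow, refuse to allocate");
    return 0;
}
```

With the constructed bucket size, the wrapping version reports the size of a single-bucket table although the true product is roughly a million times larger, which is the undersized-allocation condition the checked helper rejects.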

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.6 (including) 6.12.34 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.15.3 (excluding)