CVE-2025-38639

EUVD-2025-25563

22.08.2025, 16:15

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_nfacct: don't assume acct name is null-terminated

BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721
Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851
[..]
 string+0x231/0x2b0 lib/vsprintf.c:721
 vsnprintf+0x739/0xf00 lib/vsprintf.c:2874
 [..]
 nfacct_mt_checkentry+0xd2/0xe0 net/netfilter/xt_nfacct.c:41
 xt_check_match+0x3d1/0xab0 net/netfilter/x_tables.c:523

nfnl_acct_find_get() handles non-null input, but the error
printk relied on its presence.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	3.3 ≤ 𝑥 < 5.4.297
linux	linux_kernel	5.5 ≤ 𝑥 < 5.10.241
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.190
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.148
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.102
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.42
linux	linux_kernel	6.13 ≤ 𝑥 < 6.15.10
linux	linux_kernel	6.16 ≤ 𝑥 < 6.16.1
debian	debian_linux	11.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.170-3 fixed
bookworm (security)	6.1.172-1 fixed
bullseye	vulnerable
bullseye (security)	5.10.251-5 fixed
forky	7.0.7-1 fixed
sid	7.0.7-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.88-1 fixed

linux-6.1

bullseye (security)

6.1.172-1~deb11u1

fixed

openSUSE / SLES Releases

openSUSE Product

Release

cluster-md-kmp-default

suse enterprise server 12 SP5

4.12.14-122.275.1

fixed

dlm-kmp-default

suse enterprise server 12 SP5

4.12.14-122.275.1

fixed

gfs2-kmp-default

suse enterprise server 12 SP5

4.12.14-122.275.1

fixed

kernel-64kb

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

kernel-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.15.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.15.2 fixed

kernel-default

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 12 SP5	4.12.14-122.275.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

kernel-default-base

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1.150600.12.32.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1.150700.17.13.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1.150600.12.32.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1.150700.17.13.1 fixed
suse enterprise server 12 SP5	4.12.14-122.275.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1.150600.12.32.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1.150700.17.13.1 fixed

kernel-default-man

suse enterprise server 12 SP5

4.12.14-122.275.1

fixed

kernel-docs

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

kernel-macros

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 12 SP5	4.12.14-122.275.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

kernel-obs-build

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

kernel-source

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 12 SP5	4.12.14-122.275.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

kernel-source-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.15.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.15.2 fixed

kernel-syms

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 12 SP5	4.12.14-122.275.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

kernel-syms-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.15.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.15.1 fixed

kernel-zfcpdump

suse enterprise desktop 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.19.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.73.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.19.1 fixed

ocfs2-kmp-default

suse enterprise server 12 SP5

4.12.14-122.275.1

fixed

References

https://git.kernel.org/stable/c/58004aa21e79addaf41667bfe65e93ec51653f18

https://git.kernel.org/stable/c/58007fc7b94fb2702000045ff401eb7f5bde7828

https://git.kernel.org/stable/c/66d41268ede1e1b6e71ba28be923397ff0b2b9c3

https://git.kernel.org/stable/c/7c1ae471da69c09242834e956218ea6a42dd405a

https://git.kernel.org/stable/c/b10cfa2de13d28ddd03210eb234422b7ec92725a

https://git.kernel.org/stable/c/bf58e667af7d96c8eb9411f926a0a0955f41ce21

https://git.kernel.org/stable/c/df13c9c6ce1d55c31d1bd49db65a7fbbd86aab13

https://git.kernel.org/stable/c/e021a1eee196887536a6630c5492c23a4c78d452

https://git.kernel.org/stable/c/e18939176e657a3a20bfbed357b8c55a9f82aba3

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html