Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_nfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 [..] string+0x231/0x2b0 lib/vsprintf.c:721 vsnprintf+0x739/0xf00 lib/vsprintf.c:2874 [..] nfacct_mt_checkentry+0xd2/0xe0 net/netfilter/xt_nfacct.c:41 xt_check_match+0x3d1/0xab0 net/netfilter/x_tables.c:523 nfnl_acct_find_get() handles non-null input, but the error printk relied on its presence.

INFO

Published Date :

2025-08-22T16:00:45.953Z

Last Modified :

2025-08-28T14:44:24.673Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38639 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38639.

URL Resource
https://git.kernel.org/stable/c/58004aa21e79addaf41667bfe65e93ec51653f18 cve-icon cve-icon
https://git.kernel.org/stable/c/58007fc7b94fb2702000045ff401eb7f5bde7828 cve-icon cve-icon
https://git.kernel.org/stable/c/7c1ae471da69c09242834e956218ea6a42dd405a cve-icon cve-icon
https://git.kernel.org/stable/c/bf58e667af7d96c8eb9411f926a0a0955f41ce21 cve-icon cve-icon
https://git.kernel.org/stable/c/df13c9c6ce1d55c31d1bd49db65a7fbbd86aab13 cve-icon cve-icon
https://git.kernel.org/stable/c/e18939176e657a3a20bfbed357b8c55a9f82aba3 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025082234-CVE-2025-38639-f972@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38639 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38639 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact