CVE-2025-38639

UNKNOWN 0.0

netfilter: xt_nfacct: don't assume acct name is null-terminated

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_nfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 [..] string+0x231/0x2b0 lib/vsprintf.c:721 vsnprintf+0x739/0xf00 lib/vsprintf.c:2874 [..] nfacct_mt_checkentry+0xd2/0xe0 net/netfilter/xt_nfacct.c:41 xt_check_match+0x3d1/0xab0 net/netfilter/x_tables.c:523 nfnl_acct_find_get() handles non-null input, but the error printk relied on its presence.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Aug 22, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 < 66d41268ede1e1b6e71ba28be923397ff0b2b9c3 ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 < e021a1eee196887536a6630c5492c23a4c78d452 ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 < b10cfa2de13d28ddd03210eb234422b7ec92725a ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 < e18939176e657a3a20bfbed357b8c55a9f82aba3 ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 < 58004aa21e79addaf41667bfe65e93ec51653f18 ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 < 7c1ae471da69c09242834e956218ea6a42dd405a ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 < 58007fc7b94fb2702000045ff401eb7f5bde7828 ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 < df13c9c6ce1d55c31d1bd49db65a7fbbd86aab13 ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 < bf58e667af7d96c8eb9411f926a0a0955f41ce21

Linux / Linux

3.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗