Fixed
Created: Jul 3, 2025
Updated: Jul 10, 2025
Resolved Date: Jul 10, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]netfilter: nf_set_pipapo_avx2: fix initial map fill[EOL][EOL]If the first field doesn't cover the entire start map, then we must zero[EOL]out the remainder, else we leak those bits into the next match round map.[EOL][EOL]The early fix was incomplete and did only fix up the generic C[EOL]implementation.[EOL][EOL]A followup patch adds a test case to nft_concat_range.sh.
CREATE(Triage):(User=lchen-cn) [CVE-2025-38120 (https://nvd.nist.gov/vuln/detail/CVE-2025-38120)
