CVE-2025-21826: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21826 is a vulnerability discovered in the Linux kernel's netfilter component, specifically in the nf_tables subsystem. The vulnerability was disclosed on March 6, 2025, affecting the field length description handling in the netfilter's pipapo rule width calculation. This security issue impacts various Linux distributions including Ubuntu, Debian, and Red Hat Enterprise Linux systems (Ubuntu Security, Debian Tracker, Red Hat CVE).

The vulnerability exists in the way nftables handles field length descriptions for key field concatenation. The issue occurs when calculating the pipapo rule width from pipapoinit(), where each field gets rounded up to 32-bits. The set key length provides the total size of the key aligned to 32-bits, but register-based arithmetics allows for combining mismatching set key length and field length descriptions. For example, a set key length of 10 and field description [5, 4] can lead to a pipapo width of 12, creating a potential security risk (Kernel Git). The vulnerability has been assigned a CVSS v3.1 score of 5.5 (Moderate) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat CVE).

The vulnerability affects the availability of the system, as indicated by the CVSS metrics showing High impact on availability (A:H) while having no direct impact on confidentiality (C:N) or integrity (I:N). The local attack vector (AV:L) suggests that an attacker would need local access to exploit this vulnerability (Red Hat CVE).

The vulnerability has been fixed in various Linux kernel versions. Debian has fixed the issue in version 6.1.129-1 for bookworm and 6.12.17-1 for sid/trixie releases. Ubuntu has marked this as a medium priority issue and is providing updates for affected systems. Red Hat Enterprise Linux 9 is affected and working on updates, while versions 6 and 8 are not affected (Debian Tracker, Ubuntu Security, Red Hat CVE).