CVE-2025-39867

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s netfilter module, specifically within the nft set pipapo function. A commit introduced a null dereference issue when handling empty sets, breaking the check for a null scratch map. The incorrect check if (unlikely(!raw cpu ptr(m->scratch))) should have been if (!*raw cpu ptr(m->scratch)). This issue is only reproducible when AVX2 support is unavailable. The m variable and scratch pointer are involved in the error.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.