CVE-2025-38639— netfilter: xt_nfacct: don't assume acct name is null-terminated

EPSS 0.02% · P6 Updated May 15, 2026

Affected Version Matrix 20

Vendor	Product	Version Range	Status
Linux	Linux	`ceb98d03eac5704820f2ac1f370c9ff385e3a9f5< 66d41268ede1e1b6e71ba28be923397ff0b2b9c3`	affected
		`ceb98d03eac5704820f2ac1f370c9ff385e3a9f5< e021a1eee196887536a6630c5492c23a4c78d452`	affected
		`ceb98d03eac5704820f2ac1f370c9ff385e3a9f5< b10cfa2de13d28ddd03210eb234422b7ec92725a`	affected
		`ceb98d03eac5704820f2ac1f370c9ff385e3a9f5< e18939176e657a3a20bfbed357b8c55a9f82aba3`	affected
		`ceb98d03eac5704820f2ac1f370c9ff385e3a9f5< 58004aa21e79addaf41667bfe65e93ec51653f18`	affected
		`ceb98d03eac5704820f2ac1f370c9ff385e3a9f5< 7c1ae471da69c09242834e956218ea6a42dd405a`	affected
		`ceb98d03eac5704820f2ac1f370c9ff385e3a9f5< 58007fc7b94fb2702000045ff401eb7f5bde7828`	affected
		`ceb98d03eac5704820f2ac1f370c9ff385e3a9f5< df13c9c6ce1d55c31d1bd49db65a7fbbd86aab13`	affected
… +12 more rows

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-38639

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

netfilter: xt_nfacct: don't assume acct name is null-terminated

Source: NVD (National Vulnerability Database)

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_nfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 [..] string+0x231/0x2b0 lib/vsprintf.c:721 vsnprintf+0x739/0xf00 lib/vsprintf.c:2874 [..] nfacct_mt_checkentry+0xd2/0xe0 net/netfilter/xt_nfacct.c:41 xt_check_match+0x3d1/0xab0 net/netfilter/x_tables.c:523 nfnl_acct_find_get() handles non-null input, but the error printk relied on its presence.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Linux kernel 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞，该漏洞源于xt_nfacct假设acct名称以空字符结尾，可能导致越界读取。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Linux	Linux	ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 ~ 66d41268ede1e1b6e71ba28be923397ff0b2b9c3	-
Linux	Linux	3.3	-

II. Public POCs for CVE-2025-38639

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-38639

请登录查看更多情报信息。

Same Patch Batch · Linux · 2025-08-22 · 60 CVEs total

CVE-2025-38634		power: supply: cpcap-charger: Fix null check for power_supply_get_by_name
CVE-2025-38616		tls: handle data disappearing from under the TLS ULP
CVE-2025-38620		zloop: fix KASAN use-after-free of tag set
CVE-2025-38619		media: ti: j721e-csi2rx: fix list_del corruption
CVE-2025-38621		md: make rdev_addable usable for rcu mode
CVE-2025-38618		vsock: Do not allow binding to VMADDR_PORT_ANY
CVE-2025-38630		fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
CVE-2025-38632		pinmux: fix race causing mux_owner NULL with active mux_usecount
CVE-2025-38631		clk: imx95-blk-ctl: Fix synchronous abort
CVE-2025-38633		clk: spacemit: mark K1 pll1_d8 as critical
CVE-2025-38629		ALSA: usb: scarlett2: Fix missing NULL check
CVE-2025-38635		clk: davinci: Add NULL check in davinci_lpsc_clk_register()
CVE-2025-38636		rv: Use strings in da monitors tracepoints
CVE-2025-38638		ipv6: add a retry logic in net6_rt_notify()
CVE-2025-38640		bpf: Disable migration in nf_hook_run_bpf().
CVE-2025-38641		Bluetooth: btusb: Fix potential NULL dereference on kmalloc failure
CVE-2025-38642		wifi: mac80211: fix WARN_ON for monitor mode on some devices
CVE-2025-38643		wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()
CVE-2025-38644		wifi: mac80211: reject TDLS operations when station is not associated
CVE-2025-38645		net/mlx5: Check device memory pointer before usage

Showing top 20 of 60 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux

Same vendor: Linux

V. Comments for CVE-2025-38639

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-38639— netfilter: xt_nfacct: don't assume acct name is null-terminated

Affected Version Matrix 20

I. Basic Information for CVE-2025-38639

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-38639

III. Intelligence Information for CVE-2025-38639

Same Patch Batch · Linux · 2025-08-22 · 60 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-38639

Leave a comment