cve/2025/CVE-2025-38120.md

### [CVE-2025-38120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38120)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.11%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=69b6a67f7052905e928d75a0c5871de50e686986%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=791a615b7ad2258c560f91852be54b0480837c93%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=8058c88ac0df21239daee54b5934d5c80ca9685f%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=957a4d1c4c5849e4515c9fb4db21bf85318103dc%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9625c46ce6fd4f922595a4b32b1de5066d70464f%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_set_pipapo_avx2: fix initial map fillIf the first field doesn't cover the entire start map, then we must zeroout the remainder, else we leak those bits into the next match round map.The early fix was incomplete and did only fix up the generic Cimplementation.A followup patch adds a test case to nft_concat_range.sh.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/w4zu/Debian_security