CVE-2025-37997

MEDIUM EPSS 2.7%
Published May 29, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 29, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 19

VendorProductVersionRange
linuxlinux_kernel*≥5.4.24  –  <5.4.294
linuxlinux_kernel*≥5.5.8  –  <5.6
linuxlinux_kernel*≥5.6.1  –  <5.10.238
linuxlinux_kernel*≥5.11  –  <5.15.183
linuxlinux_kernel*≥5.16  –  <6.1.139
linuxlinux_kernel*≥6.2  –  <6.6.91
linuxlinux_kernel*≥6.7  –  <6.12.29
linuxlinux_kernel*≥6.13  –  <6.14.7
linuxlinux_kernel5.6any
linuxlinux_kernel5.6any
linuxlinux_kernel5.6any
linuxlinux_kernel5.6any
linuxlinux_kernel5.6any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
debiandebian_linux11.0any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/00cfc5fad1491796942a948808afb968a0a3f35b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/226ce0ec38316d9e3739e73a64b6b8304646c658
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6e002ecc1c8cfdfc866b9104ab7888da54613e59
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/82c1eb32693bc48251d92532975e19160987e5b9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8478a729c0462273188263136880480729e9efca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a3dfec485401943e315c394c29afe2db8f9481d6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aa77294b0f73bb8265987591460cd25b8722c3df
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e2ab67672b2288521a6146034a971f9a82ffc5c5
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/00cfc5fad1491796942a948808afb968a0a3f35b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/226ce0ec38316d9e3739e73a64b6b8304646c658
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6e002ecc1c8cfdfc866b9104ab7888da54613e59
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/82c1eb32693bc48251d92532975e19160987e5b9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8478a729c0462273188263136880480729e9efca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a3dfec485401943e315c394c29afe2db8f9481d6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aa77294b0f73bb8265987591460cd25b8722c3df
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e2ab67672b2288521a6146034a971f9a82ffc5c5
    Patch