CVE-2025-37997
netfilter: ipset: fix region locking in hash types
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle
the region locks: ahash_bucket_start(), ahash_bucket_end() which gave
back the start and end hash bucket values belonging to a given region
lock and ahash_region() which should give back the region lock belonging
to a given hash bucket. The latter was incorrect which can lead to a
race condition between the garbage collector and adding new elements
when a hash type of set is defined with timeouts.
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2025-04-16 CVE Reserved
- 2025-05-29 CVE Published
- 2025-05-29 CVE Updated
- 2025-05-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/f66ee0410b1c3481ee75e5db9b34547b4d582465 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/5dd9488ae41070b69d2f4acb580f77db5705f9ca | Vuln. Introduced | |
| https://git.kernel.org/stable/c/a469bab3386aebff33c59506f3a95e35b91118fd | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 5.15.183 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.15.183" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 6.1.139 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.1.139" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 6.6.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.6.91" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 6.12.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.12.29" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 6.14.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.14.7" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.15" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.4.24 Search vendor "Linux" for product "Linux Kernel" and version "5.4.24" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.5.8 Search vendor "Linux" for product "Linux Kernel" and version "5.5.8" | en |
Affected
| ||||||