CVE-2025-37997
Published: May 29, 2025
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 5dd9488ae41070b69d2f4acb580f77db5705f9ca - < 00cfc5fad1491796942a948808afb968a0a3f35baffected f66ee0410b1c3481ee75e5db9b34547b4d582465 - < 226ce0ec38316d9e3739e73a64b6b8304646c658affected f66ee0410b1c3481ee75e5db9b34547b4d582465 - < 82c1eb32693bc48251d92532975e19160987e5b9affected f66ee0410b1c3481ee75e5db9b34547b4d582465 - < aa77294b0f73bb8265987591460cd25b8722c3dfaffected f66ee0410b1c3481ee75e5db9b34547b4d582465 - < a3dfec485401943e315c394c29afe2db8f9481d6+6 more versions |
Linux | Linux | affected 5.6unaffected 0 - < 5.6unaffected 5.4.294 - <= 5.4.*unaffected 5.10.238 - <= 5.10.*unaffected 5.15.183 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now