Race Condition in Linux Kernel's Netfilter: ipset Affected by Region Locking Issue
CVE-2025-37997

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 29 May 2025

What is CVE-2025-37997?

A race condition in the Linux kernel's Netfilter ipset component stems from the region locking introduced in version v5.6-rc4. Region locks are handled by three macros: ahash_bucket_start() and ahash_bucket_end() manage the hash bucket values, and ahash_region() is supposed to return the region lock for a given hash bucket. ahash_region() was flawed, which can trigger a race between the garbage collector and the insertion of new elements in a hash set defined with timeouts, potentially compromising system stability and security.
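The kind of mismatch described above, as an added example rather than kernel code: a simplified model in which the garbage collector walks the buckets of a region under that region's lock while the insert path picks its lock from the bucket number. All names, the region size and the modulo mapping used for the inconsistent variant are assumptions chosen for illustration.

```c
#include <stdio.h>

/* Simplified model, NOT the kernel source. REGION_BITS and every
 * function name below are hypothetical. */
#define REGION_BITS 2u                  /* constructed: 4 buckets per region */
#define REGION_SIZE (1u << REGION_BITS)

/* Bucket range the garbage collector walks while holding region lock r. */
static unsigned bucket_start(unsigned r) { return r * REGION_SIZE; }
static unsigned bucket_end(unsigned r)   { return (r + 1) * REGION_SIZE; }

/* Insert path, inconsistent variant: lock index taken modulo the lock count. */
static unsigned region_modulo(unsigned n, unsigned nlocks) { return n % nlocks; }

/* Insert path, consistent variant: exact inverse of bucket_start/bucket_end. */
static unsigned region_divide(unsigned n, unsigned nlocks)
{
    (void)nlocks;
    return n / REGION_SIZE;
}

typedef unsigned (*region_fn)(unsigned n, unsigned nlocks);

/* Count buckets where the insert path would take a different lock than the
 * garbage collector holds for the same bucket. Any non-zero result means
 * both can touch that bucket concurrently. Requires table_bits >= REGION_BITS. */
static unsigned count_unprotected(region_fn region, unsigned table_bits)
{
    unsigned nbuckets = 1u << table_bits;
    unsigned nlocks = nbuckets / REGION_SIZE;
    unsigned bad = 0;

    for (unsigned r = 0; r < nlocks; r++)
        for (unsigned n = bucket_start(r); n < bucket_end(r); n++)
            if (region(n, nlocks) != r)
                bad++;
    return bad;
}

int main(void)
{
    /* 16 buckets, 4 region locks */
    printf("modulo mapping:   %u unprotected buckets\n",
           count_unprotected(region_modulo, 4));
    printf("division mapping: %u unprotected buckets\n",
           count_unprotected(region_divide, 4));
    return 0;
}
```

With a single region both mappings agree, so in this model the mismatch only appears once the table is large enough to have more than one region lock.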

Affected Version(s)

Linux f66ee0410b1c3481ee75e5db9b34547b4d582465 < 82c1eb32693bc48251d92532975e19160987e5b9

Linux f66ee0410b1c3481ee75e5db9b34547b4d582465



Timeline

  • Vulnerability published

  • Vulnerability Reserved
