5.5

CVE-2025-37997

netfilter: ipset: fix region locking in hash types

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: fix region locking in hash types

Region locking introduced in v5.6-rc4 contained three macros to handle
the region locks: ahash_bucket_start(), ahash_bucket_end() which gave
back the start and end hash bucket values belonging to a given region
lock and ahash_region() which should give back the region lock belonging
to a given hash bucket. The latter was incorrect which can lead to a
race condition between the garbage collector and adding new elements
when a hash type of set is defined with timeouts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4.24 < 5.4.294
LinuxLinux Kernel Version >= 5.5.8 < 5.6
LinuxLinux Kernel Version >= 5.6.1 < 5.10.238
LinuxLinux Kernel Version >= 5.11 < 5.15.183
LinuxLinux Kernel Version >= 5.16 < 6.1.139
LinuxLinux Kernel Version >= 6.2 < 6.6.91
LinuxLinux Kernel Version >= 6.7 < 6.12.29
LinuxLinux Kernel Version >= 6.13 < 6.14.7
LinuxLinux Kernel Version5.6 Update-
LinuxLinux Kernel Version5.6 Updaterc4
LinuxLinux Kernel Version5.6 Updaterc5
LinuxLinux Kernel Version5.6 Updaterc6
LinuxLinux Kernel Version5.6 Updaterc7
LinuxLinux Kernel Version6.15 Updaterc1
LinuxLinux Kernel Version6.15 Updaterc2
LinuxLinux Kernel Version6.15 Updaterc3
LinuxLinux Kernel Version6.15 Updaterc4
LinuxLinux Kernel Version6.15 Updaterc5
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.027
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/82c1eb32693bc48251d92532975e19160987e5b9
Patch
https://git.kernel.org/stable/c/aa77294b0f73bb8265987591460cd25b8722c3df
Patch
https://git.kernel.org/stable/c/a3dfec485401943e315c394c29afe2db8f9481d6
Patch
https://git.kernel.org/stable/c/e2ab67672b2288521a6146034a971f9a82ffc5c5
Patch
https://git.kernel.org/stable/c/6e002ecc1c8cfdfc866b9104ab7888da54613e59
Patch
https://git.kernel.org/stable/c/8478a729c0462273188263136880480729e9efca
Patch
https://git.kernel.org/stable/c/00cfc5fad1491796942a948808afb968a0a3f35b
Patch
https://git.kernel.org/stable/c/226ce0ec38316d9e3739e73a64b6b8304646c658
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
Third Party Advisory