SB2025052158 - Use of uninitialized resource in Linux kernel netfilter ipvs
Published: May 21, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2025-37961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the __mtu_check_toobig_v6(), do_output_route4() and __ip_vs_get_out_rt() functions in net/netfilter/ipvs/ip_vs_xmit.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/0160ac84fb03a0bd8dce8a42cb25bfaeedd110f4
- https://git.kernel.org/stable/c/7d0032112a0380d0b8d7c9005f621928a9b9fc76
- https://git.kernel.org/stable/c/a3a1b784791a3cbfc6e05c4d8a3c321ac5136e25
- https://git.kernel.org/stable/c/adbc8cc1162951cb152ed7f147d5fbd35ce3e62f
- https://git.kernel.org/stable/c/e34090d7214e0516eb8722aee295cb2507317c07