SB20250620177 - Race condition within a thread in Linux kernel net driver
Published: June 20, 2025
Security Bulletin ID
SB20250620177
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition within a thread (CVE-ID: CVE-2025-38037)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the vxlan_fdb_info(), vxlan_find_mac(), vxlan_fdb_update_existing(), vxlan_snoop() and vxlan_cleanup() functions in drivers/net/vxlan.c. A local user can corrupt data.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/02a33b1035a307453a1da6ce0a1bf3676be287d7
- https://git.kernel.org/stable/c/13cba3f837903f7184d6e9b6137d5165ffe82a8f
- https://git.kernel.org/stable/c/4eceb7eae6ea7c950384c34e6dbbe872c981935f
- https://git.kernel.org/stable/c/784b78295a3a58bf052339dd669e6e03710220d3
- https://git.kernel.org/stable/c/87d076987a9ba106c83412fcd113656f71af05a1
- https://git.kernel.org/stable/c/a6644aeb8ddf196dec5f8e782293c36f065df4d7
- https://git.kernel.org/stable/c/e033da39fc6abbddab6c29624acef80757f273fa
- https://git.kernel.org/stable/c/f6205f8215f12a96518ac9469ff76294ae7bd612