SB2025070470 - Improper locking in Linux kernel ipv4
Published: July 4, 2025
Security Bulletin ID
SB2025070470
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-38124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0e65f38bd1aa14ea86e221b7bb814d38278d86c3
- https://git.kernel.org/stable/c/3382a1ed7f778db841063f5d7e317ac55f9e7f72
- https://git.kernel.org/stable/c/4399f59a9467a324ed46657555f0e1f209a14acb
- https://git.kernel.org/stable/c/85eef1748c024da1a191aed56b30a3a65958c50c
- https://git.kernel.org/stable/c/a04302867094bdc6efac1b598370fc47cf3f2388