SB2025070478 - Improper locking in Linux kernel core
Published: July 4, 2025
Security Bulletin ID
SB2025070478
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-38165)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_skb_ingress_enqueue(), sk_psock_skb_ingress(), sk_psock_skb_ingress_self() and sk_psock_verdict_apply() functions in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3d25fa2d7f127348c818e1dab9e58534f7ac56cc
- https://git.kernel.org/stable/c/5ca2e29f6834c64c0e5a9ccf1278c21fb49b827e
- https://git.kernel.org/stable/c/9718ba6490732dbe70190d42c21deb1440834402
- https://git.kernel.org/stable/c/db1d15a26f21f97459508c42ae87cabe8d3afc3b
- https://git.kernel.org/stable/c/e9c1299d813fc04668042690f2c3cc76d013959a