SB2025090503 - Improper locking in Linux kernel netlink
Published: September 5, 2025
Security Bulletin ID
SB2025090503
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-38727)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netlink_attachskb() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/346c820ef5135cf062fa3473da955ef8c5fb6929
- https://git.kernel.org/stable/c/44ddd7b1ae0b7edb2c832eb16798c827a05e58f0
- https://git.kernel.org/stable/c/47d49fd07f86d1f55ea1083287303d237e9e0922
- https://git.kernel.org/stable/c/6bee383ff83352a693d03efdf27cdd80742f71b2
- https://git.kernel.org/stable/c/759dfc7d04bab1b0b86113f1164dc1fec192b859
- https://git.kernel.org/stable/c/78fcd69d55c5f11d7694c547eca767a1cfd38ec4
- https://git.kernel.org/stable/c/d42b71a34f6b8a2d5c53df81169b03b8d8b5cf4e
- https://git.kernel.org/stable/c/e8edc7de688791a337c068693f22e8d8b869df71
- https://git.kernel.org/stable/c/f324959ad47e62e3cadaffa65d3cff790fb48529