#VU109552 Use of uninitialized resource in Linux kernel - CVE-2025-37961
Published: May 21, 2025
Vulnerability identifier: #VU109552
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-37961
CWE-ID: CWE-908
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __mtu_check_toobig_v6(), do_output_route4() and __ip_vs_get_out_rt() functions in net/netfilter/ipvs/ip_vs_xmit.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/0160ac84fb03a0bd8dce8a42cb25bfaeedd110f4
- https://git.kernel.org/stable/c/7d0032112a0380d0b8d7c9005f621928a9b9fc76
- https://git.kernel.org/stable/c/a3a1b784791a3cbfc6e05c4d8a3c321ac5136e25
- https://git.kernel.org/stable/c/adbc8cc1162951cb152ed7f147d5fbd35ce3e62f
- https://git.kernel.org/stable/c/e34090d7214e0516eb8722aee295cb2507317c07