#VU109954 Improper locking in Linux kernel - CVE-2025-37997

Vulnerability identifier: #VU109954

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37997

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the net/netfilter/ipset/ip_set_hash_gen.h. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/6e002ecc1c8cfdfc866b9104ab7888da54613e59
https://git.kernel.org/stable/c/82c1eb32693bc48251d92532975e19160987e5b9
https://git.kernel.org/stable/c/8478a729c0462273188263136880480729e9efca
https://git.kernel.org/stable/c/a3dfec485401943e315c394c29afe2db8f9481d6
https://git.kernel.org/stable/c/aa77294b0f73bb8265987591460cd25b8722c3df
https://git.kernel.org/stable/c/e2ab67672b2288521a6146034a971f9a82ffc5c5

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.