#VU114833 Improper locking in Linux kernel - CVE-2025-38718
Published: September 5, 2025
Vulnerability identifier: #VU114833
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38718
CWE-ID: CWE-667
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sctp_rcv() function in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/03d0cc6889e02420125510b5444b570f4bbf53d5
- https://git.kernel.org/stable/c/1bd5214ea681584c5886fea3ba03e49f93a43c0e
- https://git.kernel.org/stable/c/7d757f17bc2ef2727994ffa6d5d6e4bc4789a770
- https://git.kernel.org/stable/c/cd0e92bb2b7542fb96397ffac639b4f5b099d0cb
- https://git.kernel.org/stable/c/d0194e391bb493aa6cec56d177b14df6b29188d5
- https://git.kernel.org/stable/c/ea094f38d387d1b0ded5dee4a3e5720aa4ce0139
- https://git.kernel.org/stable/c/fc66772607101bd2030a4332b3bd0ea3b3605250
- https://git.kernel.org/stable/c/fd60d8a086191fe33c2d719732d2482052fa6805