CVE-2025-37997: netfilter: ipset: fix region locking in hash types
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: fix region locking in hash types
Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahashbucketstart(), ahashbucketend() which gave back the start and end hash bucket values belonging to a given region lock and ahashregion() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.
Affected Software
Remediation
Event History
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2026-5291
- CVE-2026-4679
- CVE-2026-4449
- CVE-2026-4674
- CVE-2026-4442
- CVE-2026-4451
- CVE-2026-5292
- CVE-2026-5282
- CVE-2026-3922
- CVE-2026-5280
- CVE-2026-4458
- CVE-2026-3923
- CVE-2026-4462
- CVE-2026-4454
- CVE-2026-4675
- CVE-2025-37752
- CVE-2025-37756
- CVE-2025-37797
- CVE-2025-37890
- CVE-2025-38000
- CVE-2025-38001
- CVE-2025-38083
- CVE-2025-38177
- CVE-2025-38350
- CVE-2025-38477
- CVE-2025-38616
- CVE-2025-38617
- CVE-2025-38618
Frequently Asked Questions
What is the severity of CVE-2025-37997?
CVE-2025-37997 has been classified as a moderate severity vulnerability in the Linux kernel.
What versions of the Linux kernel are affected by CVE-2025-37997?
CVE-2025-37997 affects Linux kernel versions starting from 5.6-rc4.
How do I fix CVE-2025-37997?
To fix CVE-2025-37997, you should update to a patched version of the Linux kernel that addresses this vulnerability.
What is the nature of the vulnerability described in CVE-2025-37997?
CVE-2025-37997 involves a flaw in region locking within the ipset component of the Linux kernel's netfilter.
Is there any known exploitation of CVE-2025-37997 in the wild?
As of now, there are no public reports of active exploitation of CVE-2025-37997.