Improper locking in Linux kernel loongarch net

Published: 2025-04-22

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2025-37893
CWE-ID	CWE-667
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU107735

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37893

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the build_prologue() function in arch/loongarch/net/bpf_jit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/205a2182c51ffebaef54d643e3745e720cded08b
https://git.kernel.org/stable/c/48b904de2408af5f936f0e03f48dfcddeab58aa0
https://git.kernel.org/stable/c/7e2586991e36663c9bc48c828b83eab180ad30a9
https://git.kernel.org/stable/c/b3ffad2f02db4aace6799fe0049508b8925eae45
https://git.kernel.org/stable/c/c74d95a5679741ef428974ab788f5b0758dc78ae
https://git.kernel.org/stable/c/e9ccb262b39ab01a5ac2e485b7996b8498e7b373

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.