SB2025042270 - Out-of-bounds read in Linux kernel ipv4
Published: April 22, 2025 Updated: May 10, 2025
Security Bulletin ID
SB2025042270
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-22055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nft_tunnel_obj_erspan_init() function in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/21748669c5825761cbbf47cbeeb01387ddccc8cb
- https://git.kernel.org/stable/c/2952776c69a1a551649ed770bf22e3f691f6ec65
- https://git.kernel.org/stable/c/4d606069bdd3c76f8ab1f06796c97ef7f4746807
- https://git.kernel.org/stable/c/5a2976cc4d9c36ff58a0f10e35ce4283cbaa9c0e
- https://git.kernel.org/stable/c/738ae5712215fe9181587d582b23333f02c62ca6
- https://git.kernel.org/stable/c/a2cb85f989e2074e2f392e00188c438cab3de088
- https://git.kernel.org/stable/c/b27055a08ad4b415dcf15b63034f9cb236f7fb40
- https://git.kernel.org/stable/c/b4513ad0f391871d3feee8ddf535609a3aabeeac
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.180