SB2025050857 - Resource management error in Linux kernel crypto
Published: May 8, 2025 Updated: May 10, 2025
Security Bulletin ID
SB2025050857
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2025-37808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_MUTEX(), MODULE_ALIAS_CRYPTO() and EXPORT_SYMBOL_GPL() functions in crypto/crypto_null.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0486de3c1b8223138dcc614846bd76364f758de6
- https://git.kernel.org/stable/c/1b66a5920b7fc7cc6251192a3fcad115b6d75dd5
- https://git.kernel.org/stable/c/1dd4a8561d85dea545cf93f56efc48df8176e218
- https://git.kernel.org/stable/c/8cf2945512a8c0ef74ddd5b5a4f6b6a2fb1a4efb
- https://git.kernel.org/stable/c/dcc47a028c24e793ce6d6efebfef1a1e92f80297
- https://git.kernel.org/stable/c/e27244cbe10658a66b8775be7f0acc4ad2f618d6
- https://git.kernel.org/stable/c/e307c54ac8198bf09652c72603ba6e6d97798410
- https://git.kernel.org/stable/c/f7a5a5c8e1ec16a4b2041398abe95de0e14572ef
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.293