Linux Kernel Netfilter ipset Hash Type Region Locking Vulnerability

Vulnerability

A vulnerability in the Linux kernel's netfilter ipset component affects hash types defined with timeouts. The issue arises from incorrect region locking, which can create a race condition between the garbage collector and the addition of new elements. This vulnerability is present in versions of the Linux kernel that include the faulty region locking introduced in v5.6-rc4.

Impact

Exploitation of this vulnerability can lead to a race condition, causing potential inconsistencies in how elements are managed within hash type sets, particularly those with timeouts.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Netfilter ipset Hash Type Region Locking Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating