CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-37808: crypto: null - Use spin lock instead of mutex

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: null - Use spin lock instead of mutex

As the null algorithm may be freed in softirq context through
af_alg, use spin locks instead of mutexes to protect the default
null algorithm.

Classification

CVE ID: CVE-2025-37808

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.6% (scored less or equal to compared to others)

EPSS Date: 2025-06-06 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37808
https://git.kernel.org/stable/c/f7a5a5c8e1ec16a4b2041398abe95de0e14572ef
https://git.kernel.org/stable/c/e307c54ac8198bf09652c72603ba6e6d97798410
https://git.kernel.org/stable/c/1dd4a8561d85dea545cf93f56efc48df8176e218
https://git.kernel.org/stable/c/e27244cbe10658a66b8775be7f0acc4ad2f618d6
https://git.kernel.org/stable/c/1b66a5920b7fc7cc6251192a3fcad115b6d75dd5
https://git.kernel.org/stable/c/0486de3c1b8223138dcc614846bd76364f758de6
https://git.kernel.org/stable/c/8cf2945512a8c0ef74ddd5b5a4f6b6a2fb1a4efb
https://git.kernel.org/stable/c/dcc47a028c24e793ce6d6efebfef1a1e92f80297

Timeline

2025-05-08 07:40:11 UTC
CVE

crypto: null - Use spin lock instead of mutex