PT-2025-22222 · Linux+6 · Linux Kernel+6
Published 2025-05-07 · Updated 2026-04-20 · CVE-2025-37961
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to the version that includes the fix for the uninit-value issue in do_output_route4
Description
A vulnerability has been resolved in the Linux kernel related to an uninit-value issue for the saddr argument in the do_output_route4 function. This issue can prevent connecting the route. The problem arises because the code is still reading the saddr value even though it should be ignored according to a previous commit. The fix involves changing the argument to ret_saddr.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for the uninit-value issue in do_output_route4. As a temporary workaround, consider restricting the use of the do_output_route4 function until a patch is available.
Exploit
Fix
Use of Uninitialized Resource
Improper Resource Release
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu