CVE-2025-37920 — Race Condition in Linux
CWE-362 — Race ConditionCWE-345 — Insufficient Verification of Data Authenticity49 documents7 sources
Severity
4.7MEDIUMNVD
OSV7.8OSV3.2
EPSS
0.1%
top 77.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 20
Latest updateMar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
xsk: Fix race condition in AF_XDP generic RX path
Move rx_lock from xsk_socket to xsk_buff_pool.
Fix synchronization for shared umem mode in
generic RX path where multiple sockets share
single xsk_buff_pool.
RX queue is exclusive to xsk_socket, while FILL
queue can be shared between multiple sockets.
This could result in race condition where two
CPU cores access RX path of two different sockets
sharing the same umem.
Protect…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6