CVE-2025-37961 — Use of Uninitialized Resource in Linux

CWE-908 — Use of Uninitialized Resource42 documents7 sources

Severity

5.5MEDIUMNVD

OSV7.8OSV3.2

EPSS

0.1%

top 72.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +7 more

Timeline

PublishedMay 20

Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. commit 4754957f04f5 ("ipvs: do not use random local source address for tunnels") already implies that the input value of saddr should be ignored but the code is still reading it which can prevent to connect the route. Fix it by changing the argument to ret_saddr. [1] BUG: KMSAN: uninit-value in do_output_route4+0x4…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages11 packages

▶NVDlinux/linux_kernel3.10.91 — 3.11+10

▶Debianlinux/linux_kernel< 6.1.140-1+2

▶Ubuntulinux/linux_kernel< 6.8.0-100.100

▶msrcmsrc/azl3_kernel_6.6.85.1-4_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.92.2-1_on_azure_linux_3.0

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-azure-6.8 vulnerabilities↗2026-03-25

▶

OSV

linux-azure-fips vulnerabilities↗2026-03-04

▶

OSV

linux-azure vulnerabilities↗2026-03-04

▶

OSV

linux-ibm, linux-ibm-6.8 vulnerabilities↗2026-02-24

▶

OSV

linux-xilinx vulnerabilities↗2026-02-24

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-04

▶

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2026-03-04

▶

Ubuntu

Linux kernel (Xilinx) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (IBM) vulnerabilities↗2026-02-24

▶

External resources

NVD MITRE

Affected products10

Debian Linuxfixed in linux 6.1.140-1 (bookworm)

Debian Linuxv11.0

Debian Linux-6.1fixed in linux 6.1.140-1 (bookworm)

Linux≥ 4754957f04f5f368792a0eb7dab0ae89fb93dcfd, < 7d0032112a0380d0b8d7c9005f621928a9b9fc76≥ 4754957f04f5f368792a0eb7dab0ae89fb93dcfd, < adbc8cc1162951cb152ed7f147d5fbd35ce3e62f≥ 4754957f04f5f368792a0eb7dab0ae89fb93dcfd, < 0160ac84fb03a0bd8dce8a42cb25bfaeedd110f4+8 more

Linux Kernel≥ 0, < 6.1.140-1≥ 0, < 6.12.29-1≥ 3.10.91, < 3.11+11 more

Msrc Azl3 Kernel 6.6.85.1-4 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.92.2-1 ON Azure Linux 3.0

Msrc Cbl2 Kernel 5.15.186.1-1 ON CBL Mariner 2.0

Msrc Cbl2 Kernel 5.15.200.1-1 ON CBL Mariner 2.0

Msrc Cbl2 Kernel 5.15.202.1-1 ON CBL Mariner 2.0

Disclosure

PublishedMay 20, 2025

Latest updateMar 25, 2026