CVE-2025-37797

EPSS 0.02%
Veröffentlicht 02.05.2025 14:16:01
Zuletzt bearbeitet 06.11.2025 20:48:20
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

net_sched: hfsc: Fix a UAF vulnerability in class handling

This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class
handling. The issue occurs due to a time-of-check/time-of-use condition
in hfsc_change_class() when working with certain child qdiscs like netem
or codel.

The vulnerability works as follows:
1. hfsc_change_class() checks if a class has packets (q.qlen != 0)
2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,
   codel, netem) might drop packets and empty the queue
3. The code continues assuming the queue is still non-empty, adding
   the class to vttree
4. This breaks HFSC scheduler assumptions that only non-empty classes
   are in vttree
5. Later, when the class is destroyed, this can lead to a Use-After-Free

The fix adds a second queue length check after qdisc_peek_len() to verify
the queue wasn't emptied.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.14.1 < 5.4.293

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.237

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.181

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.136

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.89

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.26

Linux ≫ Linux Kernel Version >= 6.13 < 6.14.5

Linux ≫ Linux Kernel Version4.14 Update-

Linux ≫ Linux Kernel Version4.14 Updaterc2

Linux ≫ Linux Kernel Version4.14 Updaterc3

Linux ≫ Linux Kernel Version4.14 Updaterc4

Linux ≫ Linux Kernel Version4.14 Updaterc5

Linux ≫ Linux Kernel Version4.14 Updaterc6

Linux ≫ Linux Kernel Version4.14 Updaterc7

Linux ≫ Linux Kernel Version4.14 Updaterc8

Linux ≫ Linux Kernel Version6.15 Updaterc1

Linux ≫ Linux Kernel Version6.15 Updaterc2

Linux ≫ Linux Kernel Version6.15 Updaterc3

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.051

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/28b09a067831f7317c3841812276022d6c940677

Patch

https://git.kernel.org/stable/c/39b9095dd3b55d9b2743df038c32138efa34a9de

Patch

https://git.kernel.org/stable/c/fcc8ede663569c704fb00a702973bd6c00373283

Patch

https://git.kernel.org/stable/c/20d584a33e480ae80d105f43e0e7b56784da41b9

Patch

https://git.kernel.org/stable/c/3aa852e3605000d5c47035c3fc3a986d14ccfa9f

Patch

https://git.kernel.org/stable/c/86cd4641c713455a4f1c8e54c370c598c2b1cee0

Patch