-

CVE-2025-38083

EPSS 0.05%
Veröffentlicht 20.06.2025 11:21:51
Zuletzt bearbeitet 27.06.2025 11:15:25
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

net_sched: prio: fix a race in prio_tune()

Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer
fires at the wrong time.

The race is as follows:

CPU 0                                 CPU 1
[1]: lock root
[2]: qdisc_tree_flush_backlog()
[3]: unlock root
 |
 |                                    [5]: lock root
 |                                    [6]: rehash
 |                                    [7]: qdisc_tree_reduce_backlog()
 |
[4]: qdisc_put()

This can be abused to underflow a parent's qlen.

Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()
should fix the race, because all packets will be purged from the qdisc
before releasing the lock.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 53d11560e957d53ee87a0653d258038ce12361b7

Version 7b8e0b6e659983154c8d7e756cdb833d89a3d4d7

Status affected

Version < 4483d8b9127591c60c4eb789d6cab953bc4522a9

Version 7b8e0b6e659983154c8d7e756cdb833d89a3d4d7

Status affected

Version < 20f68e6a9e41693cb0e55e5b9ebbcb40983a4b8f

Version 7b8e0b6e659983154c8d7e756cdb833d89a3d4d7

Status affected

Version < 3aaa7c01cf19d9b9bb64b88b65c3a6fd05da2eb4

Version 7b8e0b6e659983154c8d7e756cdb833d89a3d4d7

Status affected

Version < 46c15c9d0f65c9ba857d63f53264f4b17e8a715f

Version 7b8e0b6e659983154c8d7e756cdb833d89a3d4d7

Status affected

Version < e3f6745006dc9423d2b065b90f191cfa11b1b584

Version 7b8e0b6e659983154c8d7e756cdb833d89a3d4d7

Status affected

Version < 93f9eeb678d4c9c1abf720b3615fa8299a490845

Version 7b8e0b6e659983154c8d7e756cdb833d89a3d4d7

Status affected

Version < d35acc1be3480505b5931f17e4ea9b7617fea4d3

Version 7b8e0b6e659983154c8d7e756cdb833d89a3d4d7

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.0

Status affected

Version < 5.0

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.295

Status unaffected

Version <= 5.10.*

Version 5.10.239

Status unaffected

Version <= 5.15.*

Version 5.15.186

Status unaffected

Version <= 6.1.*

Version 6.1.142

Status unaffected

Version <= 6.6.*

Version 6.6.94

Status unaffected

Version <= 6.12.*

Version 6.12.34

Status unaffected

Version <= 6.15.*

Version 6.15.3

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.162

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/46c15c9d0f65c9ba857d63f53264f4b17e8a715f

https://git.kernel.org/stable/c/e3f6745006dc9423d2b065b90f191cfa11b1b584

https://git.kernel.org/stable/c/93f9eeb678d4c9c1abf720b3615fa8299a490845

https://git.kernel.org/stable/c/d35acc1be3480505b5931f17e4ea9b7617fea4d3

https://git.kernel.org/stable/c/20f68e6a9e41693cb0e55e5b9ebbcb40983a4b8f

https://git.kernel.org/stable/c/3aaa7c01cf19d9b9bb64b88b65c3a6fd05da2eb4

https://git.kernel.org/stable/c/4483d8b9127591c60c4eb789d6cab953bc4522a9

https://git.kernel.org/stable/c/53d11560e957d53ee87a0653d258038ce12361b7

https://nvd.nist.gov/vuln/detail/CVE-2025-38083

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38083

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38083

EUVD