-

CVE-2025-38107

EPSS 0.04%
Veröffentlicht 03.07.2025 08:35:17
Zuletzt bearbeitet 03.07.2025 15:13:53
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

net_sched: ets: fix a race in ets_qdisc_change()

Gerrard Tai reported a race condition in ETS, whenever SFQ perturb timer
fires at the wrong time.

The race is as follows:

CPU 0                                 CPU 1
[1]: lock root
[2]: qdisc_tree_flush_backlog()
[3]: unlock root
 |
 |                                    [5]: lock root
 |                                    [6]: rehash
 |                                    [7]: qdisc_tree_reduce_backlog()
 |
[4]: qdisc_put()

This can be abused to underflow a parent's qlen.

Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()
should fix the race, because all packets will be purged from the qdisc
before releasing the lock.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < eb7b74e9754e1ba2088f914ad1f57a778b11894b

Version 699d82e9a6db29d509a71f1f2f4316231e6232e6

Status affected

Version < 0b479d0aa488cb478eb2e1d8868be946ac8afb4f

Version ce881ddbdc028fb1988b66e40e45ca0529c23b46

Status affected

Version < 347867cb424edae5fec1622712c8dd0a2c42918f

Version b05972f01e7d30419987a1f221b5593668fd6448

Status affected

Version < 0383b25488a545be168744336847549d4a2d3d6c

Version b05972f01e7d30419987a1f221b5593668fd6448

Status affected

Version < 073f64c03516bcfaf790f8edc772e0cfb8a84ec3

Version b05972f01e7d30419987a1f221b5593668fd6448

Status affected

Version < fed94bd51d62d2e0e006aa61480e94e5cd0582b0

Version b05972f01e7d30419987a1f221b5593668fd6448

Status affected

Version < d92adacdd8c2960be856e0b82acc5b7c5395fddb

Version b05972f01e7d30419987a1f221b5593668fd6448

Status affected

Version fffa19b5e58c34004a0d6f642d9c24b11d213994

Status affected

Version fb155f6597cd7bc3aeed668c3bb15fc3b7cb257d

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.0

Status affected

Version < 6.0

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.239

Status unaffected

Version <= 5.15.*

Version 5.15.186

Status unaffected

Version <= 6.1.*

Version 6.1.142

Status unaffected

Version <= 6.6.*

Version 6.6.94

Status unaffected

Version <= 6.12.*

Version 6.12.34

Status unaffected

Version <= 6.15.*

Version 6.15.3

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.097

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/eb7b74e9754e1ba2088f914ad1f57a778b11894b

https://git.kernel.org/stable/c/0b479d0aa488cb478eb2e1d8868be946ac8afb4f

https://git.kernel.org/stable/c/347867cb424edae5fec1622712c8dd0a2c42918f

https://git.kernel.org/stable/c/0383b25488a545be168744336847549d4a2d3d6c

https://git.kernel.org/stable/c/073f64c03516bcfaf790f8edc772e0cfb8a84ec3

https://git.kernel.org/stable/c/fed94bd51d62d2e0e006aa61480e94e5cd0582b0

https://git.kernel.org/stable/c/d92adacdd8c2960be856e0b82acc5b7c5395fddb

https://nvd.nist.gov/vuln/detail/CVE-2025-38107

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38107

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38107

EUVD