-

CVE-2025-38477

EPSS 0.04%
Veröffentlicht 28.07.2025 11:21:38
Zuletzt bearbeitet 28.08.2025 15:15:49
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_qfq: Fix race condition on qfq_aggregate

A race condition can occur when 'agg' is modified in qfq_change_agg
(called during qfq_enqueue) while other threads access it
concurrently. For example, qfq_dump_class may trigger a NULL
dereference, and qfq_delete_class may cause a use-after-free.

This patch addresses the issue by:

1. Moved qfq_destroy_class into the critical section.

2. Added sch_tree_lock protection to qfq_dump_class and
qfq_dump_class_stats.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < aa7a22c4d678bf649fd3a1d27debec583563414d

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Status affected

Version < d841aa5518508ab195b6781ad0d73ee378d713dd

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Status affected

Version < c6df794000147a3a02f79984aada4ce83f8d0a1e

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Status affected

Version < 466e10194ab81caa2ee6a332d33ba16bcceeeba6

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Status affected

Version < fbe48f06e64134dfeafa89ad23387f66ebca3527

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Status affected

Version < a6d735100f602c830c16d69fb6d780eebd8c9ae1

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Status affected

Version < c000a3a330d97f6c073ace5aa5faf94b9adb4b79

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Status affected

Version < 5e28d5a3f774f118896aec17a3a20a9c5c9dfc64

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 3.8

Status affected

Version < 3.8

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.297

Status unaffected

Version <= 5.10.*

Version 5.10.241

Status unaffected

Version <= 5.15.*

Version 5.15.190

Status unaffected

Version <= 6.1.*

Version 6.1.147

Status unaffected

Version <= 6.6.*

Version 6.6.100

Status unaffected

Version <= 6.12.*

Version 6.12.40

Status unaffected

Version <= 6.15.*

Version 6.15.8

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/466e10194ab81caa2ee6a332d33ba16bcceeeba6

https://git.kernel.org/stable/c/fbe48f06e64134dfeafa89ad23387f66ebca3527

https://git.kernel.org/stable/c/a6d735100f602c830c16d69fb6d780eebd8c9ae1

https://git.kernel.org/stable/c/c000a3a330d97f6c073ace5aa5faf94b9adb4b79

https://git.kernel.org/stable/c/5e28d5a3f774f118896aec17a3a20a9c5c9dfc64

https://git.kernel.org/stable/c/aa7a22c4d678bf649fd3a1d27debec583563414d

https://git.kernel.org/stable/c/c6df794000147a3a02f79984aada4ce83f8d0a1e

https://git.kernel.org/stable/c/d841aa5518508ab195b6781ad0d73ee378d713dd

https://nvd.nist.gov/vuln/detail/CVE-2025-38477

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38477

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38477

EUVD