CVE-2025-38477
- EPSS 0.04%
- Published 28.07.2025 11:21:38
- Last modified 28.08.2025 15:15:49
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_qfq: Fix race condition on qfq_aggregate

A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a NULL dereference, and qfq_delete_class may cause a use-after-free.

This patch addresses the issue by:

1. Moved qfq_destroy_class into the critical section.
2. Added sch_tree_lock protection to qfq_dump_class and qfq_dump_class_stats.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux
Product: Linux
Default Status: unaffected

Version < | Version | Status |
---|---|---|
aa7a22c4d678bf649fd3a1d27debec583563414d | 462dbc9101acd38e92eda93c0726857517a24bbd | affected |
d841aa5518508ab195b6781ad0d73ee378d713dd | 462dbc9101acd38e92eda93c0726857517a24bbd | affected |
c6df794000147a3a02f79984aada4ce83f8d0a1e | 462dbc9101acd38e92eda93c0726857517a24bbd | affected |
466e10194ab81caa2ee6a332d33ba16bcceeeba6 | 462dbc9101acd38e92eda93c0726857517a24bbd | affected |
fbe48f06e64134dfeafa89ad23387f66ebca3527 | 462dbc9101acd38e92eda93c0726857517a24bbd | affected |
a6d735100f602c830c16d69fb6d780eebd8c9ae1 | 462dbc9101acd38e92eda93c0726857517a24bbd | affected |
c000a3a330d97f6c073ace5aa5faf94b9adb4b79 | 462dbc9101acd38e92eda93c0726857517a24bbd | affected |
5e28d5a3f774f118896aec17a3a20a9c5c9dfc64 | 462dbc9101acd38e92eda93c0726857517a24bbd | affected |

Vendor: Linux
Product: Linux
Default Status: affected

Version bound | Version | Status |
---|---|---|
 | 3.8 | affected |
< 3.8 | 0 | unaffected |
<= 5.4.* | 5.4.297 | unaffected |
<= 5.10.* | 5.10.241 | unaffected |
<= 5.15.* | 5.15.190 | unaffected |
<= 6.1.* | 6.1.147 | unaffected |
<= 6.6.* | 6.6.100 | unaffected |
<= 6.12.* | 6.12.40 | unaffected |
<= 6.15.* | 6.15.8 | unaffected |
<= * | 6.16 | unaffected |

No CISA KEV entry or CERT.AT warning was found for this CVE.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.103 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|