7.8
CVE-2025-39766
- EPSS 0.17%
- Veröffentlicht 11.09.2025 16:56:21
- Zuletzt bearbeitet 12.05.2026 13:17:10
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
The following setup can trigger a WARNING in htb_activate due to
the condition: !cl->leaf.q->q.qlen
tc qdisc del dev lo root
tc qdisc add dev lo root handle 1: htb default 1
tc class add dev lo parent 1: classid 1:1 \
htb rate 64bit
tc qdisc add dev lo parent 1:1 handle f: \
cake memlimit 1b
ping -I lo -f -c1 -s64 -W0.001 127.0.0.1
This is because the low memlimit leads to a low buffer_limit, which
causes packet dropping. However, cake_enqueue still returns
NET_XMIT_SUCCESS, causing htb_enqueue to call htb_activate with an
empty child qdisc. We should return NET_XMIT_CN when packets are
dropped from the same tin and flow.
I do not believe return value of NET_XMIT_CN is necessary for packet
drops in the case of ack filtering, as that is meant to optimize
performance, not to signal congestion.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.19 < 5.4.297
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.241
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.190
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.149
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.103
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.44
Linux ≫ Linux Kernel Version >= 6.13 < 6.16.4
Linux ≫ Linux Kernel Version6.17 Updaterc1
Linux ≫ Linux Kernel Version6.17 Updaterc2
Debian ≫ Debian Linux Version11.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.064 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
https://git.kernel.org/stable/c/7689ab22de36f8db19095f6bdf11f28cfde92f5c
https://git.kernel.org/stable/c/de04ddd2980b48caa8d7e24a7db2742917a8b280
https://git.kernel.org/stable/c/0dacfc5372e314d1219f03e64dde3ab495a5a25e
https://git.kernel.org/stable/c/710866fc0a64eafcb8bacd91bcb1329eb7e5035f
https://git.kernel.org/stable/c/aa12ee1c1bd260943fd6ab556d8635811c332eeb
https://git.kernel.org/stable/c/ff57186b2cc39766672c4c0332323933e5faaa88
https://git.kernel.org/stable/c/62d591dde4defb1333d202410609c4ddeae060b3
https://git.kernel.org/stable/c/15de71d06a400f7fdc15bf377a2552b0ec437cf5
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
https://cert-portal.siemens.com/productcert/html/ssa-032379.html