7.8

CVE-2025-39766

net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit

The following setup can trigger a WARNING in htb_activate due to
the condition: !cl->leaf.q->q.qlen

tc qdisc del dev lo root
tc qdisc add dev lo root handle 1: htb default 1
tc class add dev lo parent 1: classid 1:1 \
       htb rate 64bit
tc qdisc add dev lo parent 1:1 handle f: \
       cake memlimit 1b
ping -I lo -f -c1 -s64 -W0.001 127.0.0.1

This is because the low memlimit leads to a low buffer_limit, which
causes packet dropping. However, cake_enqueue still returns
NET_XMIT_SUCCESS, causing htb_enqueue to call htb_activate with an
empty child qdisc. We should return NET_XMIT_CN when packets are
dropped from the same tin and flow.

I do not believe return value of NET_XMIT_CN is necessary for packet
drops in the case of ack filtering, as that is meant to optimize
performance, not to signal congestion.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19 < 5.4.297
LinuxLinux Kernel Version >= 5.5 < 5.10.241
LinuxLinux Kernel Version >= 5.11 < 5.15.190
LinuxLinux Kernel Version >= 5.16 < 6.1.149
LinuxLinux Kernel Version >= 6.2 < 6.6.103
LinuxLinux Kernel Version >= 6.7 < 6.12.44
LinuxLinux Kernel Version >= 6.13 < 6.16.4
LinuxLinux Kernel Version6.17 Updaterc1
LinuxLinux Kernel Version6.17 Updaterc2
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.064
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/7689ab22de36f8db19095f6bdf11f28cfde92f5c
Patch
https://git.kernel.org/stable/c/de04ddd2980b48caa8d7e24a7db2742917a8b280
Patch
https://git.kernel.org/stable/c/0dacfc5372e314d1219f03e64dde3ab495a5a25e
Patch
https://git.kernel.org/stable/c/710866fc0a64eafcb8bacd91bcb1329eb7e5035f
Patch
https://git.kernel.org/stable/c/aa12ee1c1bd260943fd6ab556d8635811c332eeb
Patch
https://git.kernel.org/stable/c/ff57186b2cc39766672c4c0332323933e5faaa88
Patch
https://git.kernel.org/stable/c/62d591dde4defb1333d202410609c4ddeae060b3
Patch
https://git.kernel.org/stable/c/15de71d06a400f7fdc15bf377a2552b0ec437cf5
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory
Mailing List
https://cert-portal.siemens.com/productcert/html/ssa-032379.html