-

CVE-2025-40083

EPSS 0.06%
Veröffentlicht 29.10.2025 13:37:01
Zuletzt bearbeitet 06.12.2025 22:15:52
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_qfq: Fix null-deref in agg_dequeue

To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c)
when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return
value before using it, similar to the existing approach in sch_hfsc.c.

To avoid code duplication, the following changes are made:

1. Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static
inline function.

2. Moved qdisc_peek_len from net/sched/sch_hfsc.c to
include/net/pkt_sched.h so that sch_qfq can reuse it.

3. Applied qdisc_peek_len in agg_dequeue to avoid crashing.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 71d84658a61322e5630c85c5388fc25e4a2d08b2

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 99fc137f178797204d36ac860dd8b31e35baa2df

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 1bed56f089f09b465420bf23bb32985c305cfc28

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 3c2a8994807623c7655ece205667ae2cf74940aa

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 6ffa9d66187188e3068b5a3895e6ae1ee34f9199

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 6ff8e74c8f8a68ec07ef837b95425dfe900d060f

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < dd831ac8221e691e9e918585b1003c7071df0379

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version <= 5.4.*

Version 5.4.302

Status unaffected

Version <= 5.10.*

Version 5.10.247

Status unaffected

Version <= 5.15.*

Version 5.15.197

Status unaffected

Version <= 6.1.*

Version 6.1.159

Status unaffected

Version <= 6.6.*

Version 6.6.116

Status unaffected

Version <= 6.12.*

Version 6.12.57

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.191

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/dd831ac8221e691e9e918585b1003c7071df0379

https://git.kernel.org/stable/c/6ff8e74c8f8a68ec07ef837b95425dfe900d060f

https://git.kernel.org/stable/c/6ffa9d66187188e3068b5a3895e6ae1ee34f9199

https://git.kernel.org/stable/c/71d84658a61322e5630c85c5388fc25e4a2d08b2

https://git.kernel.org/stable/c/1bed56f089f09b465420bf23bb32985c305cfc28

https://git.kernel.org/stable/c/3c2a8994807623c7655ece205667ae2cf74940aa

https://git.kernel.org/stable/c/99fc137f178797204d36ac860dd8b31e35baa2df

https://nvd.nist.gov/vuln/detail/CVE-2025-40083

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40083

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40083

EUVD