-

CVE-2025-40083

EPSS 0.08%
Veröffentlicht 29.10.2025 13:37:01
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

net/sched: sch_qfq: Fix null-deref in agg_dequeue

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_qfq: Fix null-deref in agg_dequeue

To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c)
when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return
value before using it, similar to the existing approach in sch_hfsc.c.

To avoid code duplication, the following changes are made:

1. Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static
inline function.

2. Moved qdisc_peek_len from net/sched/sch_hfsc.c to
include/net/pkt_sched.h so that sch_qfq can reuse it.

3. Applied qdisc_peek_len in agg_dequeue to avoid crashing.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

CNA 2 VulnDex Vulnerability Enrichment 12

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Version < 71d84658a61322e5630c85c5388fc25e4a2d08b2

Status affected

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Version < 99fc137f178797204d36ac860dd8b31e35baa2df

Status affected

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Version < 1bed56f089f09b465420bf23bb32985c305cfc28

Status affected

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Version < 3c2a8994807623c7655ece205667ae2cf74940aa

Status affected

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Version < 6ffa9d66187188e3068b5a3895e6ae1ee34f9199

Status affected

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Version < 6ff8e74c8f8a68ec07ef837b95425dfe900d060f

Status affected

Version 462dbc9101acd38e92eda93c0726857517a24bbd

Version < dd831ac8221e691e9e918585b1003c7071df0379

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 3.8

Status affected

Version 0

Version < 3.8

Status unaffected

Version <= 5.4.*

Version 5.4.302

Status unaffected

Version <= 5.10.*

Version 5.10.247

Status unaffected

Version <= 5.15.*

Version 5.15.197

Status unaffected

Version <= 6.1.*

Version 6.1.159

Status unaffected

Version <= 6.6.*

Version 6.6.116

Status unaffected

Version <= 6.12.*

Version 6.12.57

Status unaffected

Version <= *

Version 6.16

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.228

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/dd831ac8221e691e9e918585b1003c7071df0379

https://git.kernel.org/stable/c/6ff8e74c8f8a68ec07ef837b95425dfe900d060f

https://git.kernel.org/stable/c/6ffa9d66187188e3068b5a3895e6ae1ee34f9199

https://git.kernel.org/stable/c/71d84658a61322e5630c85c5388fc25e4a2d08b2

https://git.kernel.org/stable/c/1bed56f089f09b465420bf23bb32985c305cfc28

https://git.kernel.org/stable/c/3c2a8994807623c7655ece205667ae2cf74940aa

https://git.kernel.org/stable/c/99fc137f178797204d36ac860dd8b31e35baa2df

https://nvd.nist.gov/vuln/detail/CVE-2025-40083

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40083

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40083

EUVD