CVE-2025-68325

EPSS 0.06%
Veröffentlicht 18.12.2025 15:16:06
Zuletzt bearbeitet 19.01.2026 13:16:09
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop

In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen
and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes
that the parent qdisc will enqueue the current packet. However, this
assumption breaks when cake_enqueue() returns NET_XMIT_CN: the parent
qdisc stops enqueuing current packet, leaving the tree qlen/backlog
accounting inconsistent. This mismatch can lead to a NULL dereference
(e.g., when the parent Qdisc is qfq_qdisc).

This patch computes the qlen/backlog delta in a more robust way by
observing the difference before and after the series of cake_drop()
calls, and then compensates the qdisc tree accounting if cake_enqueue()
returns NET_XMIT_CN.

To ensure correct compensation when ACK thinning is enabled, a new
variable is introduced to keep qlen unchanged.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < a3f4e3de41a3f115db35276c6b186ccbc913934a

Version de04ddd2980b48caa8d7e24a7db2742917a8b280

Status affected

Version < 38abf6e931b169ea88d7529b49096f53a5dcf8fe

Version 0dacfc5372e314d1219f03e64dde3ab495a5a25e

Status affected

Version < fcb91be52eb6e92e00b533ebd7c77fecada537e1

Version 710866fc0a64eafcb8bacd91bcb1329eb7e5035f

Status affected

Version < d01f0e072dadb02fe10f436b940dd957aff0d7d4

Version aa12ee1c1bd260943fd6ab556d8635811c332eeb

Status affected

Version < 0b6216f9b3d1c33c76f74511026e5de5385ee520

Version ff57186b2cc39766672c4c0332323933e5faaa88

Status affected

Version < 529c284cc2815c8350860e9a31722050fe7117cb

Version 15de71d06a400f7fdc15bf377a2552b0ec437cf5

Status affected

Version < 3ed6c458530a547ed0c9ea0b02b19bab620be88b

Version 15de71d06a400f7fdc15bf377a2552b0ec437cf5

Status affected

Version < 9fefc78f7f02d71810776fdeb119a05a946a27cc

Version 15de71d06a400f7fdc15bf377a2552b0ec437cf5

Status affected

Version 7689ab22de36f8db19095f6bdf11f28cfde92f5c

Status affected

Version 62d591dde4defb1333d202410609c4ddeae060b3

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.17

Status affected

Version < 6.17

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.248

Status unaffected

Version <= 5.15.*

Version 5.15.198

Status unaffected

Version <= 6.1.*

Version 6.1.160

Status unaffected

Version <= 6.6.*

Version 6.6.120

Status unaffected

Version <= 6.12.*

Version 6.12.63

Status unaffected

Version <= 6.17.*

Version 6.17.13

Status unaffected

Version <= 6.18.*

Version 6.18.2

Status unaffected

Version <= *

Version 6.19-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.191

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/0b6216f9b3d1c33c76f74511026e5de5385ee520

https://git.kernel.org/stable/c/3ed6c458530a547ed0c9ea0b02b19bab620be88b

https://git.kernel.org/stable/c/529c284cc2815c8350860e9a31722050fe7117cb

https://git.kernel.org/stable/c/9fefc78f7f02d71810776fdeb119a05a946a27cc

https://git.kernel.org/stable/c/d01f0e072dadb02fe10f436b940dd957aff0d7d4

https://git.kernel.org/stable/c/fcb91be52eb6e92e00b533ebd7c77fecada537e1

https://git.kernel.org/stable/c/38abf6e931b169ea88d7529b49096f53a5dcf8fe

https://git.kernel.org/stable/c/a3f4e3de41a3f115db35276c6b186ccbc913934a

https://nvd.nist.gov/vuln/detail/CVE-2025-68325

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68325

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68325

EUVD