CVE-2025-21971

MEDIUM EPSS 7.1%
Published Apr 1, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 1, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created with classid TC_H_ROOT, the traversal terminates prematurely at this class instead of reaching the actual root qdisc, causing parent statistics to be incorrectly maintained. In case of DRR, this could lead to a crash as reported by Mingi Cho. Prevent the creation of any Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) across all qdisc types, as suggested by Jamal.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
7.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-835

Affected Products 14

VendorProductVersionRange
linuxlinux_kernel*≥2.6.26  –  <5.4.292
linuxlinux_kernel*≥5.5  –  <5.10.236
linuxlinux_kernel*≥5.11  –  <5.15.180
linuxlinux_kernel*≥5.16  –  <6.1.132
linuxlinux_kernel*≥6.2  –  <6.6.84
linuxlinux_kernel*≥6.7  –  <6.12.20
linuxlinux_kernel*≥6.13  –  <6.13.8
linuxlinux_kernel2.6.25any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/003d92c91cdb5a64b25a9a74cb8543aac9a8bb48
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0c3057a5a04d07120b3d0ec9c79568fceb9c921e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5c3ca9cb48b51bd72bf76b8b05e24f3cd53db5e7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/78533c4a29ac3aeddce4b481770beaaa4f3bfb67
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7a82fe67a9f4d7123d8e5ba8f0f0806c28695006
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94edfdfb9505ab608e86599d1d1e38c83816fc1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e05d9938b1b0ac40b6054cc5fa0ccbd9afd5ed4c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e5ee00607bbfc97ef1526ea95b6b2458ac9e7cb7
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/003d92c91cdb5a64b25a9a74cb8543aac9a8bb48
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0c3057a5a04d07120b3d0ec9c79568fceb9c921e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5c3ca9cb48b51bd72bf76b8b05e24f3cd53db5e7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/78533c4a29ac3aeddce4b481770beaaa4f3bfb67
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7a82fe67a9f4d7123d8e5ba8f0f0806c28695006
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94edfdfb9505ab608e86599d1d1e38c83816fc1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e05d9938b1b0ac40b6054cc5fa0ccbd9afd5ed4c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e5ee00607bbfc97ef1526ea95b6b2458ac9e7cb7
    Patch