CVE-2025-37915

HIGH EPSS 6.2%
Published May 20, 20251y ago · Modified Jun 17, 20261w ago
7.0 CVSS 3.1
High
Find Similar
Published May 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net_sched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of drr, there won't be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. In addition to checking for qlen being zero, this patch checks whether the class was already added to the active_list (cl_is_active) before adding to the list to cover for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/

CVSS Details

Base Score
7.0
Exploitability
1.0
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
6.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-415

Affected Products 18

VendorProductVersionRange
linuxlinux_kernel*≥5.0.1  –  <5.4.294
linuxlinux_kernel*≥5.5  –  <5.10.238
linuxlinux_kernel*≥5.11  –  <5.15.182
linuxlinux_kernel*≥5.16  –  <6.1.138
linuxlinux_kernel*≥6.2  –  <6.6.90
linuxlinux_kernel*≥6.7  –  <6.12.28
linuxlinux_kernel*≥6.13  –  <6.14.6
linuxlinux_kernel5.0any
linuxlinux_kernel5.0any
linuxlinux_kernel5.0any
linuxlinux_kernel5.0any
linuxlinux_kernel5.0any
linuxlinux_kernel5.0any
linuxlinux_kernel5.0any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/26e75716b94d6ff9be5ea07d63675c4d189f30b4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2968632880f1792007eedd12eeedf7f6e2b7e9f3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4b07ac06b0a712923255aaf2691637693fc7100d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4f0ecf50cdf76da95828578a92f130b653ac2fcf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5da3aad1a13e7edb8ff0778a444ccf49930313e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ab2248110738d4429668140ad22f530a9ee730e1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db205b92dfe0501e5b92fb7cf00971d0e44ba3eb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f99a3fbf023e20b626be4b0f042463d598050c9a
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
    Mailing List
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Mailing List

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/26e75716b94d6ff9be5ea07d63675c4d189f30b4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2968632880f1792007eedd12eeedf7f6e2b7e9f3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4b07ac06b0a712923255aaf2691637693fc7100d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4f0ecf50cdf76da95828578a92f130b653ac2fcf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5da3aad1a13e7edb8ff0778a444ccf49930313e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ab2248110738d4429668140ad22f530a9ee730e1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db205b92dfe0501e5b92fb7cf00971d0e44ba3eb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f99a3fbf023e20b626be4b0f042463d598050c9a
    Patch