CVE-2025-38107

Severity: High · CVSS 3.1: 7.0 · EPSS: 2.6%
Published Jul 3, 2025 (12mo ago) · Last Modified Jun 17, 2026 (1w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

net_sched: ets: fix a race in ets_qdisc_change()

Gerrard Tai reported a race condition in ETS, whenever SFQ perturb timer fires at the wrong time.

The race is as follows:

    CPU 0                                 CPU 1
    [1]: lock root
    [2]: qdisc_tree_flush_backlog()
    [3]: unlock root
     |
     |                                    [5]: lock root
     |                                    [6]: rehash
     |                                    [7]: qdisc_tree_reduce_backlog()
     |
    [4]: qdisc_put()

This can be abused to underflow a parent's qlen.

Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.
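
The interleaving above, replayed as a simplified single-threaded C model (an added example, not kernel code and not part of the advisory). The struct and the helpers tree_flush_backlog, purge_queue and replay are hypothetical stand-ins that keep only the qlen counters, and the packet counts are constructed inputs.

```c
#include <stdio.h>

/* Simplified model: only the packet counters that matter for the race. */
struct qdisc { unsigned int qlen; struct qdisc *parent; };

/* Subtract n packets from every ancestor's qlen (unsigned, so it can wrap). */
static void tree_reduce_backlog(struct qdisc *q, unsigned int n)
{
    for (struct qdisc *p = q->parent; p; p = p->parent)
        p->qlen -= n;
}

/* Pre-fix helper: ancestors are adjusted, packets stay queued in the child. */
static void tree_flush_backlog(struct qdisc *q)
{
    tree_reduce_backlog(q, q->qlen);
}

/* Post-fix helper: the child is emptied under the same lock hold. */
static void purge_queue(struct qdisc *q)
{
    unsigned int n = q->qlen;
    q->qlen = 0;
    tree_reduce_backlog(q, n);
}

/* Replay steps [1]-[7]; returns the parent's qlen after the interleaving.
 * queued = packets in the SFQ child, dropped = packets lost in the rehash. */
unsigned int replay(int fixed, unsigned int queued, unsigned int dropped)
{
    struct qdisc ets = { queued, NULL };
    struct qdisc sfq = { queued, &ets };

    /* CPU 0, [1]-[3]: root lock held while the old child is detached */
    if (fixed) purge_queue(&sfq); else tree_flush_backlog(&sfq);

    /* CPU 1, [5]-[7]: perturb timer rehashes whatever is still queued */
    unsigned int lost = dropped < sfq.qlen ? dropped : sfq.qlen;
    sfq.qlen -= lost;
    tree_reduce_backlog(&sfq, lost);
    return ets.qlen;   /* CPU 0, [4]: qdisc_put() of the old child follows */
}

int main(void)
{
    printf("before fix: parent qlen = %u\n", replay(0, 4, 1));
    printf("after fix:  parent qlen = %u\n", replay(1, 4, 1));
    return 0;
}
```

With the pre-fix helper the parent's counter is decremented twice for the same packets and wraps; with the purge variant the rehash finds an empty child and the counter stays at zero.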

CVSS Details

Base Score
7.0
Exploitability
1.0
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
2.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 15

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.4.213 – <5.5
linux    linux_kernel   *         ≥5.10.142 – <5.10.239
linux    linux_kernel   *         ≥5.15.66 – <5.15.186
linux    linux_kernel   *         ≥5.19.8 – <6.0
linux    linux_kernel   *         ≥6.0.1 – <6.1.142
linux    linux_kernel   *         ≥6.2 – <6.6.94
linux    linux_kernel   *         ≥6.7 – <6.12.34
linux    linux_kernel   *         ≥6.13 – <6.15.3
linux    linux_kernel   6.0       any
linux    linux_kernel   6.0       any
linux    linux_kernel   6.0       any
linux    linux_kernel   6.0       any
linux    linux_kernel   6.0       any
linux    linux_kernel   6.16      any
debian   debian_linux   11.0      any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/0383b25488a545be168744336847549d4a2d3d6c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/073f64c03516bcfaf790f8edc772e0cfb8a84ec3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0b479d0aa488cb478eb2e1d8868be946ac8afb4f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/347867cb424edae5fec1622712c8dd0a2c42918f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d92adacdd8c2960be856e0b82acc5b7c5395fddb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eb7b74e9754e1ba2088f914ad1f57a778b11894b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fed94bd51d62d2e0e006aa61480e94e5cd0582b0
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0383b25488a545be168744336847549d4a2d3d6c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/073f64c03516bcfaf790f8edc772e0cfb8a84ec3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0b479d0aa488cb478eb2e1d8868be946ac8afb4f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/347867cb424edae5fec1622712c8dd0a2c42918f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d92adacdd8c2960be856e0b82acc5b7c5395fddb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eb7b74e9754e1ba2088f914ad1f57a778b11894b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fed94bd51d62d2e0e006aa61480e94e5cd0582b0
    Patch