CVE-2025-38177

Severity: Medium · CVSS 3.1: 5.5 · EPSS 4.7%
Published Jul 4, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

sch_hfsc: make hfsc_qlen_notify() idempotent

hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life:

1. update_vf() decreases cl->cl_nactive, so we can check whether it is non-zero before calling it.

2. eltree_remove() always removes RB node cl->el_node, but we can use RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-459

Affected Products 9

Vendor   Product        Version   Range
linux    linux_kernel   *         <5.4.297
linux    linux_kernel   *         ≥5.5  –  <5.10.241
linux    linux_kernel   *         ≥5.11  –  <5.15.190
linux    linux_kernel   *         ≥5.16  –  <6.1.138
linux    linux_kernel   *         ≥6.2  –  <6.6.90
linux    linux_kernel   *         ≥6.7  –  <6.12.28
linux    linux_kernel   *         ≥6.13  –  <6.14.6
linux    linux_kernel   6.15      any
debian   debian_linux   11.0      any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/0475c85426b18eccdcb7f9fb58d8f8e9c6c58c87
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/51eb3b65544c9efd6a1026889ee5fb5aa62da3bb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72c61ffbeeb8c50f6d4d70c65d3283aa1bac57a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9030a91235ae4845ec71902c3e0cecfc9ed1f2df
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9a5fd5c2f4d4afdd5e405083ee53e0789ce76956
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a5efc95a33bd4fcb879250852828cc58c7862970
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c1175c4ad01dbc9c979d099861fa90a754f72059
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d06476714d2819b550e0cc39222347e2c8941c9d
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0475c85426b18eccdcb7f9fb58d8f8e9c6c58c87
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/51eb3b65544c9efd6a1026889ee5fb5aa62da3bb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72c61ffbeeb8c50f6d4d70c65d3283aa1bac57a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9030a91235ae4845ec71902c3e0cecfc9ed1f2df
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9a5fd5c2f4d4afdd5e405083ee53e0789ce76956
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a5efc95a33bd4fcb879250852828cc58c7862970
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c1175c4ad01dbc9c979d099861fa90a754f72059
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d06476714d2819b550e0cc39222347e2c8941c9d
    Patch