We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-37913

net_sched: qfq: Fix double list add in class with netem as child qdisc



Description

In the Linux kernel, the following vulnerability has been resolved: net_sched: qfq: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of qfq, there won't be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. This patch checks whether the class was already added to the agg->active list (cl_is_active) before doing the addition to cater for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/

Reserved 2025-04-16 | Published 2025-05-20 | Updated 2025-06-04 | Assigner Linux

Product status

Default status
unaffected

37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea before 041f410aec2c1751ee22b8b73ba05d38c3a6a602
affected

37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea before 005a479540478a820c52de098e5e767e63e36f0a
affected

37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea before 0bf32d6fb1fcbf841bb9945570e0e2a70072c00f
affected

37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea before 0aa23e0856b7cedb3c88d8e3d281c212c7e4fbeb
affected

37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea before a43783119e01849fbf2fe8855634e8989b240cb4
affected

37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea before 53bc0b55178bd59bdd4bcd16349505cabf54b1a2
affected

37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea before 370218e8ce711684acc4cdd3cc3c6dd7956bc165
affected

37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea before f139f37dcdf34b67f5bf92bc8e0f7f6b3ac63aa4
affected

Default status
affected

5.0
affected

Any version before 5.0
unaffected

5.4.294
unaffected

5.10.238
unaffected

5.15.182
unaffected

6.1.138
unaffected

6.6.90
unaffected

6.12.28
unaffected

6.14.6
unaffected

6.15
unaffected

References

git.kernel.org/...c/041f410aec2c1751ee22b8b73ba05d38c3a6a602

git.kernel.org/...c/005a479540478a820c52de098e5e767e63e36f0a

git.kernel.org/...c/0bf32d6fb1fcbf841bb9945570e0e2a70072c00f

git.kernel.org/...c/0aa23e0856b7cedb3c88d8e3d281c212c7e4fbeb

git.kernel.org/...c/a43783119e01849fbf2fe8855634e8989b240cb4

git.kernel.org/...c/53bc0b55178bd59bdd4bcd16349505cabf54b1a2

git.kernel.org/...c/370218e8ce711684acc4cdd3cc3c6dd7956bc165

git.kernel.org/...c/f139f37dcdf34b67f5bf92bc8e0f7f6b3ac63aa4

cve.org (CVE-2025-37913)

nvd.nist.gov (CVE-2025-37913)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-37913

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.