We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-38193

net_sched: sch_sfq: reject invalid perturb period



Description

In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: reject invalid perturb period Gerrard Tai reported that SFQ perturb_period has no range check yet, and this can be used to trigger a race condition fixed in a separate patch. We want to make sure ctl->perturb_period * HZ will not overflow and is positive. tc qd add dev lo root sfq perturb -10 # negative value : error Error: sch_sfq: invalid perturb period. tc qd add dev lo root sfq perturb 1000000000 # too big : error Error: sch_sfq: invalid perturb period. tc qd add dev lo root sfq perturb 2000000 # acceptable value tc -s -d qd sh dev lo qdisc sfq 8005: root refcnt 2 limit 127p quantum 64Kb depth 127 flows 128 divisor 1024 perturb 2000000sec Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0

Reserved 2025-04-16 | Published 2025-07-04 | Updated 2025-07-04 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 956b5aebb349449b38d920d444ca1392d43719d1
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before b11a50544af691b787384089b68f740ae20a441b
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 0357da9149eac621f39e235a135ebf155f01f7c3
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before f9b97d466e6026ccbdda30bb5b71965b67ccbc82
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 590b2d7d0beadba2aa576708a05a05f0aae39295
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 7ca52541c05c832d32b112274f81a985101f9ba8
affected

Default status
affected

2.6.12
affected

Any version before 2.6.12
unaffected

5.15.186
unaffected

6.1.142
unaffected

6.6.95
unaffected

6.12.35
unaffected

6.15.4
unaffected

6.16-rc2
unaffected

References

git.kernel.org/...c/956b5aebb349449b38d920d444ca1392d43719d1

git.kernel.org/...c/b11a50544af691b787384089b68f740ae20a441b

git.kernel.org/...c/0357da9149eac621f39e235a135ebf155f01f7c3

git.kernel.org/...c/f9b97d466e6026ccbdda30bb5b71965b67ccbc82

git.kernel.org/...c/590b2d7d0beadba2aa576708a05a05f0aae39295

git.kernel.org/...c/7ca52541c05c832d32b112274f81a985101f9ba8

cve.org (CVE-2025-38193)

nvd.nist.gov (CVE-2025-38193)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-38193

Support options

Helpdesk Chat, Email, Knowledgebase