CVE-2025-37890
Published: May 16, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea - < 273bbcfa53541cde38b2003ad88a59b770306421affected 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea - < e0cf8ee23e1915431f262a7b2dee0c7a7d699af0affected 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea - < e3e949a39a91d1f829a4890e7dfe9417ac72e4d0affected 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea - < 8df7d37d626430035b413b97cee18396b3450befaffected 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea - < 6082a87af4c52f58150d40dec1716011d871ac21+3 more versions |
Linux | Linux | affected 5.0unaffected 0 - < 5.0unaffected 5.4.294 - <= 5.4.*unaffected 5.10.238 - <= 5.10.*unaffected 5.15.182 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now