CVE-2025-38107
Published: Jul 3, 2025
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: fix a race in ets_qdisc_change() Gerrard Tai reported a race condition in ETS, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 699d82e9a6db29d509a71f1f2f4316231e6232e6 - < eb7b74e9754e1ba2088f914ad1f57a778b11894baffected ce881ddbdc028fb1988b66e40e45ca0529c23b46 - < 0b479d0aa488cb478eb2e1d8868be946ac8afb4faffected b05972f01e7d30419987a1f221b5593668fd6448 - < 347867cb424edae5fec1622712c8dd0a2c42918faffected b05972f01e7d30419987a1f221b5593668fd6448 - < 0383b25488a545be168744336847549d4a2d3d6caffected b05972f01e7d30419987a1f221b5593668fd6448 - < 073f64c03516bcfaf790f8edc772e0cfb8a84ec3+8 more versions |
Linux | Linux | affected 6.0unaffected 0 - < 6.0unaffected 5.10.239 - <= 5.10.*unaffected 5.15.186 - <= 5.15.*unaffected 6.1.142 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now