CVE-2025-38108
Published: Jul 3, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net_sched: red: fix a race in __red_change() Gerrard Tai reported a race condition in RED, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 0c8d13ac96070000da33f394f45e9c19638483c5 - < 2790c4ec481be45a80948d059cd7c9a06bc37493affected 0c8d13ac96070000da33f394f45e9c19638483c5 - < a1bf6a4e9264a685b0e642994031f9c5aad72414affected 0c8d13ac96070000da33f394f45e9c19638483c5 - < 110a47efcf23438ff8d31dbd9c854fae2a48bf98affected 0c8d13ac96070000da33f394f45e9c19638483c5 - < f569984417a4e12c67366e69bdcb752970de921daffected 0c8d13ac96070000da33f394f45e9c19638483c5 - < 2a71924ca4af59ffc00f0444732b6cd54b153d0e+3 more versions |
Linux | Linux | affected 5.0unaffected 0 - < 5.0unaffected 5.4.295 - <= 5.4.*unaffected 5.10.239 - <= 5.10.*unaffected 5.15.186 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now