CVE-2025-68325
Published: Dec 18, 2025
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop

In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that the parent qdisc will enqueue the current packet. However, this assumption breaks when cake_enqueue() returns NET_XMIT_CN: the parent qdisc stops enqueuing the current packet, leaving the tree qlen/backlog accounting inconsistent. This mismatch can lead to a NULL dereference (e.g., when the parent Qdisc is qfq_qdisc).

This patch computes the qlen/backlog delta in a more robust way by observing the difference before and after the series of cake_drop() calls, and then compensates the qdisc tree accounting if cake_enqueue() returns NET_XMIT_CN.

To ensure correct compensation when ACK thinning is enabled, a new variable is introduced to keep qlen unchanged.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected de04ddd2980b48caa8d7e24a7db2742917a8b280 - < a3f4e3de41a3f115db35276c6b186ccbc913934a; affected 0dacfc5372e314d1219f03e64dde3ab495a5a25e - < 38abf6e931b169ea88d7529b49096f53a5dcf8fe; affected 710866fc0a64eafcb8bacd91bcb1329eb7e5035f - < fcb91be52eb6e92e00b533ebd7c77fecada537e1; affected aa12ee1c1bd260943fd6ab556d8635811c332eeb - < d01f0e072dadb02fe10f436b940dd957aff0d7d4; affected ff57186b2cc39766672c4c0332323933e5faaa88 - < 0b6216f9b3d1c33c76f74511026e5de5385ee520; +12 more versions |
| Linux | Linux | affected 6.17; unaffected 0 - < 6.17; unaffected 5.10.248 - <= 5.10.*; unaffected 5.15.198 - <= 5.15.*; unaffected 6.1.160 - <= 6.1.*; +5 more versions |
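
The accounting mismatch in the description, as an added toy model in C; it is not kernel code and not taken from the patch. `tree_reduce`, `child_enqueue`, `skew` and the `same_flow`/`fixed` parameters are hypothetical names, `same_flow` stands in for the condition under which the child returns NET_XMIT_CN, and the model tracks packet counts only (no byte backlog, no ACK thinning).

```c
/* Toy model of qdisc-tree qlen accounting. Not kernel code; all names are hypothetical. */
#include <stdio.h>

enum { XMIT_SUCCESS = 0, XMIT_CN = 2 };  /* stand-ins for NET_XMIT_SUCCESS / NET_XMIT_CN */
struct node { int qlen; struct node *parent; };

/* Models qdisc_tree_reduce_backlog(): subtract n from every ancestor's qlen. */
static void tree_reduce(struct node *q, int n)
{
    for (struct node *p = q->parent; p; p = p->parent)
        p->qlen -= n;
}

/* Child enqueue: queue the packet, then drop `drops` packets to get back under the
 * buffer limit. same_flow: a drop hit the new packet's flow, so report congestion. */
static int child_enqueue(struct node *q, int drops, int same_flow, int fixed)
{
    q->qlen++;
    int before = q->qlen;               /* snapshot before the drop series */
    for (int i = 0; i < drops; i++) {
        q->qlen--;
        if (!fixed) tree_reduce(q, 1);  /* pre-fix: ancestors adjusted per drop */
    }
    if (fixed) {
        int delta = before - q->qlen;   /* observed difference across the drops */
        /* On CN the parent will not count the new packet: compensate by one. */
        tree_reduce(q, same_flow ? delta - 1 : delta);
    }
    return same_flow ? XMIT_CN : XMIT_SUCCESS;
}

/* One enqueue through parent -> child; returns parent qlen minus child qlen
 * afterwards (0 means the tree is consistent). */
static int skew(int drops, int same_flow, int fixed)
{
    struct node parent = { 5, NULL }, child = { 5, &parent };  /* constructed start state */
    int ret = child_enqueue(&child, drops, same_flow, fixed);
    if (ret == XMIT_SUCCESS)
        parent.qlen++;                  /* parent counts the packet only on success */
    return parent.qlen - child.qlen;
}

int main(void)
{
    printf("pre-fix CN skew: %d, fixed CN skew: %d\n", skew(1, 1, 0), skew(1, 1, 1));
    return 0;
}
```

A non-zero result from `skew` in the pre-fix CN case means the parent's counter is lower than the number of packets the child actually holds, which is the inconsistency the description refers to.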