21 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/sched: schets: do not peek at classes beyond ‘nbands’ When the number of DRR classes decreases, the round-robin active list may contain elements that have already been freed in etsqdiscchange. As a result, it’s possible to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netsched: Prevent the creation of classes with TCHROOT. The function qdisctreereducebacklog uses TCHROOT as a termination condition when traversing the qdisc tree to update parent backlogs. However, if a class is created with...
Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014347)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014347 advisory. In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog qdisctreereducebacklog notifies parent qdi...
Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-013398)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013398 advisory. In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog qdisctreereducebacklog notifies parent qdi...
net/sched: ets: Remove drr class from the active list if it changes to strict
...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987351)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987351 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: schets: don't peek at classes beyond 'nbands' when the number of DRR classes decreases...
EUVD-2025-26785
Malicious code in bioql PyPI...
CLSA-2025-1758009294 kernel: Fix of 3 CVEs
posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel CVE-2025-38352 - schqfq: make qfqqlennotify idempotent CVE-2025-38177 - schhfsc: make hfscqlennotify idempotent CVE-2025-38177 - schdrr: make drrqlennotify idempotent CVE-2025-38177 - schhtb: make htbqlennotify...
CVE-2025-38684
CVE-2025-38684 affects the Linux kernel’s net/sched ETS implementation. The issue arose from purging unused DRR queues during ets_qdisc_change(), where the code used the new value of q->nbands for cleanup. The fix ensures the purge uses the old values of q->nbands (and q->nstrict), so pu...
Oracle Linux 10 : kernel (ELSA-2025-13598)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-13598 advisory. - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds - CVE-2025-38159 - Revert 'smb: client: fix TCP timers deadlock after rmmod'...
net_sched: drr: Fix double list add in class with netem as child qdisc
...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog. The qdisctreereducebacklog function only notifies the parent qdisc if the child qdisc becomes empty. Therefore, we need to reduce the backlog of the child qdisc before calli...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: netsched: drr: A double addition was corrected in the class, where netem is a child qdisc. As described in Gerrard’s report 1, there are use cases where a netem child qdisc can make the parent qdisc’s enqueue callback reentrant. ...
UBUNTU-CVE-2025-37915
In the Linux kernel, the following vulnerability has been resolved: netsched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report 1, there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of drr,...
SUSE CVE-2025-21971
In the Linux kernel, the following vulnerability has been resolved: netsched: Prevent creation of classes with TCHROOT The function qdisctreereducebacklog uses TCHROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created wi...
DEBIAN-CVE-2025-21703
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog qdisctreereducebacklog notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc before calling it. Otherwise it wou...
AZL-58965 CVE-2025-21703 affecting package kernel for versions less than 5.15.180.1-1
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog qdisctreereducebacklog notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc before calling it. Otherwise it wou...
UBUNTU-CVE-2025-21703
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog qdisctreereducebacklog notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc before calling it. Otherwise it wou...
SUSE CVE-2021-47557
In the Linux kernel, the following vulnerability has been resolved: net/sched: schets: don't peek at classes beyond 'nbands' when the number of DRR classes decreases, the round-robin active list can contain elements that have already been freed in etsqdiscchange. As a consequence, it's possible t...
DEBIAN-CVE-2021-47557
In the Linux kernel, the following vulnerability has been resolved: net/sched: schets: don't peek at classes beyond 'nbands' when the number of DRR classes decreases, the round-robin active list can contain elements that have already been freed in etsqdiscchange. As a consequence, it's possible t...