297 matches found
CVE-2025-37914
CVE-2025-37914 is a Linux kernel network scheduler vulnerability in net_sched: ets where a netem child qdisc can trigger reentrant enqueue, causing the same classifier to be added twice to the active_list and potentially memory corruption. The patch adds an active check (cl_is_active) and guards ...
CVE-2025-37914 net_sched: ets: Fix double list add in class with netem as child qdisc
In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of ets,...
CVE-2025-37913
Summary: CVE-2025-37913 affects the Linux kernel’s net_sched/qfq when a netem child qdisc can cause the parent enqueue callback to be reentrant, risking memory corruption from adding the same classifier twice. The root cause is a double list add in the class when reentry occurs; the fix adds a gu...
CVE-2025-37913 net_sched: qfq: Fix double list add in class with netem as child qdisc
In the Linux kernel, the following vulnerability has been resolved: net_sched: qfq: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of qfq,...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible duplicate addition of classifiers by the qfq scheduler in the case of netem subqueues, which coul...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the drr scheduler potentially duplicating the addition of classifiers in the case of netem subqueues,...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the possibility that the ets scheduler may repeatedly add classifiers in the case of netem subqueues,...
CVE-2025-37890
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that...
SUSE CVE-2025-37890
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that...
CLSA-2025-1747430081 Fix of 50 CVEs
CVE-url: https://ubuntu.com/security/CVE-2021-47352 - virtio-net: Add validation for used length CVE-url: https://ubuntu.com/security/CVE-2024-46745 - Input: uinput - reject requests with unreasonable number of slots CVE-url: https://ubuntu.com/security/CVE-2024-44952 - driver core: Fix ueventsho...
CLSA-2025-1747430034 Fix of 54 CVEs
Bionic update: upstream stable patchset 2022-04-13 LP: 1968932 // CVE-url: https://ubuntu.com/security/CVE-2022-23041 - xen/gnttab: fix gnttab_end_foreign_access without page specified Bionic update: upstream stable patchset 2023-01-20 LP: 2003596 // CVE-url:...
DEBIAN-CVE-2025-37890
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that...
CVE-2025-37890
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that...
CVE-2025-37890 net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that...
CVE-2025-37890
CVE-2025-37890 affects the Linux kernel net_sched hfsc when a class has a netem child qdisc. The root cause is a use-after-free in class insertion into the vttree/eltree, which can occur in reentrant scenarios; the patch validates n_active to prevent double insertion. The fix is a kernel patch in...
CVE-2025-37890
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that...
CVE-2025-37890 net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that...
CVE-2025-37890 net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that...
kernel: netem: fix return value if duplicate enqueue fails
A use-after-free flaw was found in the Linux kernel's network emulator (NETEM) functionality. A local user could use this flaw to crash the system or potentially escalate their privileges on the system...
kernel: sch/netem: fix use after free in netem_dequeue
A use-after-free vulnerability was found in the Linux kernel. If netem_dequeue enqueues a packet to inner qdisc and that qdisc returns NET_XMIT_STOLEN, the packet is dropped but qdisc_tree_reduce_backlog is not called to update the parent's q.qlen...