Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net/sched: fixed the lockdep issue in qdisctreereducebacklog The qdisctreereducebacklog function is called with the qdisc lock held, not RTNL. We must use qdisclookuprcu instead of qdisclookup. syzbot reported: WARNING:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - In the net:sched section, there is a fix for the order of qlen adjustment. - Changes to sch-q.qlen related to qdisctreereducebacklog need to occur before a call to that function. Otherwise, it may fail to notify the parent...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/sched: Restricted conditions were added for adding duplicate netems into a qdisc tree. The duplication prevention logic of netemenqueue breaks when a netem resides in a qdisc tree along with other netems. This can lead to ...

CVE-2025-68325

In the Linux kernel, the following vulnerability has been resolved: net/sched: schcake: Fix incorrect qlen reduction in cakedrop In cakedrop, qdisctreereducebacklog is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cakeenqueue, assumes that the parent qdisc will enqueue t...

UBUNTU-CVE-2025-68325

In the Linux kernel, the following vulnerability has been resolved: net/sched: schcake: Fix incorrect qlen reduction in cakedrop In cakedrop, qdisctreereducebacklog is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cakeenqueue, assumes that the parent qdisc will enqueue t...

CVE-2025-68325

CVE-2025-68325 is a Linux kernel vulnerability in the net/sched cake path. The fix addresses an incorrect qlen/backlog reduction in cake_drop when cake_enqueue() may return NET_XMIT_CN, which could leave the qdisc tree accounting inconsistent and lead to a NULL dereference (e.g., if the parent is...

EUVD-2025-26107

Malicious code in bioql PyPI...

net/sched: Restrict conditions for adding duplicating netems to qdisc tree

...

Linux Distros Unpatched Vulnerability : CVE-2025-38553

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: Restrict conditions for adding duplicating netems to qdisc tree netemenqueue's duplication prevention logic breaks when a netem resides in a qdisc tr...

SUSE CVE-2025-38553

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AZL-73791 CVE-2025-38553 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netemenqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lockup and OOM loop in...

AZL-66437 CVE-2025-38553 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netemenqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lockup and OOM loop in...

UBUNTU-CVE-2025-38553

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-38553

CVE-2025-38553 affects the Linux kernel (net/sched). The issue concerns the duplication logic for netem instances in a qdisc tree, where the existing netem_enqueue handling can misbehave when a netem coexists with others, potentially causing a soft lockup or OOM loop in netem_dequeue. The connect...

CVE-2025-38553 net/sched: Restrict conditions for adding duplicating netems to qdisc tree

In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netemenqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lockup and OOM loop in...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the duplicate prevention logic of netemenqueue failing in the presence of multiple netems in the qdisc tree,...

CVE-2025-38083 net_sched: prio: fix a race in prio_tune()

In the Linux kernel, the following vulnerability has been resolved: netsched: prio: fix a race in priotune Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 1: lock root 2: qdisctreeflushbacklog 3: unlock root | ...

DEBIAN-CVE-2025-37932

In the Linux kernel, the following vulnerability has been resolved: schhtb: make htbqlennotify idempotent htbqlennotify always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly to its callers, like...

CVE-2025-21971 net_sched: Prevent creation of classes with TC_H_ROOT

In the Linux kernel, the following vulnerability has been resolved: netsched: Prevent creation of classes with TCHROOT The function qdisctreereducebacklog uses TCHROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created wi...

CVE-2025-21971 net_sched: Prevent creation of classes with TC_H_ROOT

In the Linux kernel, the following vulnerability has been resolved: netsched: Prevent creation of classes with TCHROOT The function qdisctreereducebacklog uses TCHROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created wi...