CVE-2025-38001

Published Jun 6, 2025

Last updated a month ago

Linux Kernel

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-38001 is a vulnerability in the Linux kernel affecting the Hierarchical Fair Service Curve (HFSC) scheduler component. Disclosed on June 6, 2025, it involves a use-after-free (UAF) condition when HFSC is used with NETEM. The vulnerability stems from a bypass of a previous patch that attempted to address re-entrant enqueue issues. The flaw occurs because the patch only checks the `cl->cl_nactive` field to determine first insertion, but this field is only incremented by `init_vf`. By using `HFSC_RSC` (which uses `init_ed`), it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions this leads to an infinite loop in `hfsc_dequeue`, but when TBF is added as root qdisc and configured with a very low rate, it can prevent packets from being dequeued, enabling subsequent insertions in the HFSC eltree and causing a UAF condition.

Description
In the Linux kernel, the following vulnerability has been resolved:

net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

Savino says:
"We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF."

To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set.

[1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547
[2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572
[3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677
[4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574
[5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Awaiting Analysis
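
The difference between the bypassed check and the fix described above, as a simplified user-space model added here for illustration; it is not kernel code and not part of the original page. The struct, the `in_eltree` flag (standing in for the eltree node state) and the function names are assumptions, and `HFSC_FSC` is the kernel's link-sharing flag, which the description does not mention.

```c
/* Simplified user-space model of the first-insertion check in hfsc_enqueue.
 * Not kernel code: the struct, in_eltree and the function names are assumed. */
#include <stdbool.h>
#include <stdio.h>

#define HFSC_RSC 0x1u /* real-time curve: class is linked into the eltree */
#define HFSC_FSC 0x2u /* link-sharing curve: activation counted in cl_nactive */

struct cl_model {
    unsigned flags;
    unsigned cl_nactive; /* only incremented on the init_vf path */
    bool in_eltree;      /* stands in for the state of the class's eltree node */
    unsigned el_inserts; /* times the class was linked into the eltree */
};

typedef bool (*active_check)(const struct cl_model *);
/* Earlier patch: "first insertion" decided from cl_nactive alone. */
static bool active_old(const struct cl_model *cl) { return cl->cl_nactive != 0; }
/* Fix as described: with HFSC_RSC set, ask whether the class is in the eltree. */
static bool active_fixed(const struct cl_model *cl)
{
    return ((cl->flags & HFSC_FSC) && cl->cl_nactive) ||
           ((cl->flags & HFSC_RSC) && cl->in_eltree);
}

/* Tail of one enqueue whose child queue was empty beforehand. */
static void enqueue_first(struct cl_model *cl, active_check is_active)
{
    if (is_active(cl))
        return;
    if (cl->flags & HFSC_RSC) { cl->in_eltree = true; cl->el_inserts++; } /* init_ed */
    if (cl->flags & HFSC_FSC) cl->cl_nactive++;                          /* init_vf */
}

/* Re-entrant case: two enqueues both see an empty child queue.
 * Returns the eltree insert count; above 1 means a double insert. */
static unsigned reentrant_inserts(unsigned flags, active_check is_active)
{
    struct cl_model cl = { .flags = flags };
    enqueue_first(&cl, is_active); /* nested enqueue completes first */
    enqueue_first(&cl, is_active); /* outer enqueue then runs the same check */
    return cl.el_inserts;
}

int main(void)
{
    printf("RSC only, cl_nactive check: %u\n", reentrant_inserts(HFSC_RSC, active_old));
    printf("RSC only, eltree check:     %u\n", reentrant_inserts(HFSC_RSC, active_fixed));
    return 0;
}
```

With only `HFSC_RSC` set, the `cl_nactive` test never sees the first insertion, so the model records two eltree inserts; the explicit eltree test records one.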

Social media

Hype score
Not currently trending
  1. Analysis and exploitation of a Use-After-Free vulnerability in the Linux network packet schedule (CVE-2025-38001) https://t.co/t0C6wWlyWI #infosec #Linux https://t.co/wsIxrGgwWo

    @0xor0ne

    2 Dec 2025

    8010 Impressions

    44 Retweets

    199 Likes

    106 Bookmarks

    1 Reply

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2023-41990 2 - CVE-2017-0144 3 - CVE-2025-49144 4 - CVE-2023-38606 5 - CVE-2025-38001 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    20 Oct 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨CVE-2025-38001: Linux HFSC Eltree Use-After-Free - Debian 12 PoC GitHub: https://t.co/1YTrZ15fRs Bounty: $82,000 Write-up: https://t.co/vFmqiueOZX https://t.co/QFSMgOjCpw

    @DarkWebInformer

    19 Oct 2025

    11334 Impressions

    23 Retweets

    106 Likes

    50 Bookmarks

    1 Reply

    0 Quotes

  4. Exploiting a Use-After-Free vulnerability in the Linux network packet schedule (CVE-2025-38001) https://t.co/t0C6wWlyWI Credits @cor_ctf #infosec #Linux https://t.co/ncVYtZAVwV

    @0xor0ne

    12 Oct 2025

    18770 Impressions

    42 Retweets

    225 Likes

    81 Bookmarks

    1 Reply

    1 Quote

  5. 🚨 CRITICAL: #SUSE releases kernel security patch SUSE-SU-2025:03222-1. Fixes 4 CVEs, including CVE-2025-38001 & CVE-2025-38212 (CVSS 8.5). Impacts SLE 15 SP6/SP7 & openSUSE Leap 15.6. Read more:👉 https://t.co/NozG7Yo3tN #Security https://t.co/Fkp5gTQbFk

    @Cezar_H_Linux

    16 Sept 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. URGENT: Patch SUSE Linux 15 SP5 now! Live Patch 20 fixes 10 kernel vulnerabilities, including CVE-2025-38001 (CVSS 8.5). Prevent privilege escalation and system crashes. Affected: #SUSE, #openSUSE Leap 15.5, #SAP servers. Read more: 👉 https://t.co/SmocRZdOFK https://t.co/5uS

    @Cezar_H_Linux

    15 Sept 2025

    60 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 CRITICAL ALERT for @SUSELinux & @openSUSE users! Live Patch 17 for SLE 15 SP5/Leap 15.5 patches 9 vulnerabilities, including 2x CVSS 8.5 flaws (CVE-2025-38212, CVE-2025-38001). Read more:👉 https://t.co/YcyQobEZDQ #LinuxSecurity #CyberSecurity #SUSE https://t.co/khI04

    @Cezar_H_Linux

    14 Sept 2025

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. URGENT: Patch #SUSE Linux NOW. Live Patch 17 for SLE 15 SP5 fixes 9 critical kernel vulnerabilities (CVE-2025-38212, CVE-2025-38001, etc.). Risk: Local Privilege Escalation & DoS. Read more:👉 https://t.co/qZMhtWMRT4 https://t.co/f532a39oB0

    @Cezar_H_Linux

    14 Sept 2025

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Urgent: #SUSE releases Live Patch 41 for Linux Kernel (SLE 15 SP4/Leap 15.4). Patches 4 vulnerabilities: CVE-2025-37890, CVE-2025-38000, CVE-2025-38001 (CVSS 8.5), CVE-2025-38212 (CVSS 8.5). Read more: 👉 https://t.co/L6VAeHng7B #Security https://t.co/FyoVgvjs8m

    @Cezar_H_Linux

    13 Sept 2025

    113 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. URGENT: #SUSE releases critical Linux kernel security patch for SLE 15 SP4 and #openSUSE Leap 15.4. Fixes 6 vulnerabilities, including: ✅ CVE-2025-38212 (CVSS 8.5) - IPC UAF ✅ CVE-2025-38001 (CVSS 8.5) - HFSC flaw Read more:👉 https://t.co/uqFzf8yqz1 https://t.co/

    @Cezar_H_Linux

    13 Sept 2025

    114 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 Critical patch for #SUSE SLE 15 SP4 & #openSUSE Leap 15.4! Live Patch 31 fixes 9 kernel vulnerabilities, including high-severity CVEs: CVE-2025-38212 (CVSS 8.5). CVE-2025-38001 (CVSS 8.5) . Read more:👉 https://t.co/59ducSDAqD #Security https://t.co/NH2uNmjEHK

    @Cezar_H_Linux

    11 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. URGENT: #SUSE patches 6 critical Linux Kernel vulnerabilities (SUSE-SU-2025:03109-1). CVSS Scores up to 8.5! Impacts: CVE-2025-38212 (IPC), CVE-2025-38001 (HFSC), and more. Read more: 👉 https://t.co/BnY4fxSrYJ #Security https://t.co/i2uifmu70P

    @Cezar_H_Linux

    10 Sept 2025

    64 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. URGENT: #SUSE patches 5 critical CVEs in Linux Kernel RT for SLE 15 SP7. CVE-2025-38212 (CVSS 8.5): IPC flaw CVE-2025-38001 (CVSS 8.5): HFSC flaw Read more: 👉 https://t.co/X16DdiVkST https://t.co/NIxAz9kbmc

    @Cezar_H_Linux

    10 Sept 2025

    60 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. ''[CVE-2025-38001] Exploiting All Google kernelCTF Instances And Debian 12 With A 0-Day For $82k: A RBTree Family Drama (Part One: LTS & COS)'' #infosec #pentest #redteam #blueteam https://t.co/WRrelBgglY

    @CyberWarship

    20 Aug 2025

    2769 Impressions

    14 Retweets

    33 Likes

    5 Bookmarks

    1 Reply

    0 Quotes

  15. Linux vulnerability CVE-2025-38001 fixed: serious impact on Google kernelCTF and Debian 12 https://t.co/iZ6DJtVyEl This vulnerability concerns queue management processing in HFSC, a network control feature of the Linux kernel. NETEM packet

    @iototsecnews

    18 Aug 2025

    132 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Researchers exploit CVE-2025-38001 to compromise Google kernelCTF instances and Debian 12 systems, earning $82K in bounties. Highlights need for thorough code audits. Link: https://t.co/q9wXqOIXWU #Security #Linux #Exploit #Kernel #Hacking #Bounty #CVE #Audit #Research #Tech

    @dailytechonx

    4 Aug 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. URGENT: #Ubuntu 20.04 LTS kernel patch USN-7671-3 fixes: 11 CVEs (7 CRITICAL). Netfilter RCE (CVE-2025-38001). GPU driver exploits Update NOW + recompile modules. Read more: 👉 https://t.co/MMyaWIzXcq https://t.co/ifdLD8q9DF

    @Cezar_H_Linux

    4 Aug 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Serious use-after-free vulnerability in the HFSC queueing discipline of the Linux network packet scheduler (CVE-2025-38001)

    @pocochi20250519

    4 Aug 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Exploiting a Use-After-Free vulnerability in the Linux network packet schedule (CVE-2025-38001) (@cor_ctf) https://t.co/t0C6wWlyWI #infosec #Linux https://t.co/r8cBRApYaX

    @0xor0ne

    4 Aug 2025

    7702 Impressions

    53 Retweets

    223 Likes

    89 Bookmarks

    2 Replies

    1 Quote

  20. [CVE-2025-38001] Exploiting All Google kernelCTF Instances And Debian 12 With A 0-Day For $82k: A RBTree Family Drama (Part One: LTS & COS) https://t.co/DdKtTXZhuI

    @hashimzulkifli

    4 Aug 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. [CVE-2025-38001] Exploiting All Google kernelCTF Instances And Debian 12 With A 0-Day For $82k: A RBTree Family Drama (Part One: LTS & COS) https://t.co/lQyWIZh8W4

    @Dinosn

    3 Aug 2025

    2130 Impressions

    2 Retweets

    13 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  22. The popular article for 2025-07-12 was this one. (automated tweet) #Hacker_Trends ――― [CVE-2025-38001] Exploiting All Google kernelCTF Instances And Debian 12 With A 0-Day For $82k: A RBTree Family Drama (Part One: LTS & COS) https://t.co/o18JieEEim https://t.co/uKR

    @motikan2010

    13 Jul 2025

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Latest news on #Hacking: In the last 24 hours, critical vulnerabilities have been discovered on various platforms, such as CVE-2025-38001 in Google and Debian 12, and CitrixBleed 2, as well as an attack on WordPress's Gravity Forms. The patches... 👉 https://t.co/V4Uug

    @JaimeARestrepo_

    12 Jul 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. URGENT: #Ubuntu 24.10/24.04 LTS kernel flaws (CVE-2025-38001, etc.) allow privilege escalation & network attacks. Patch via: sudo apt update && sudo apt upgrade. Read more: 👉https://t.co/alQePDB537 #LinuxSecurity https://t.co/TVamfHN1ZX

    @Cezar_H_Linux

    9 Jul 2025

    32 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🚨 Breaking: #Linux kernel real-time (RT) systems are vulnerable to CVE-2025-38001 (Netfilter bypass) and CVE-2025-37997 (InfiniBand leaks). Patch via sudo apt upgrade + reboot. Details: 👉 https://t.co/W9iKrcUVIs #InfoSec https://t.co/X22mGbU04m

    @Cezar_H_Linux

    2 Jul 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Critical Linux Kernel (Real-time) Patch Alert! 🚀 CVE-2025-38001 & other flaws fixed in GPU, SMB, Netfilter. Read more: 👉 https://t.co/7VHqFLkBPu #Linux #Infosec #Ubuntu https://t.co/vC0C8n5Zpf

    @Cezar_H_Linux

    2 Jul 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. CVE-2025-38001 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are… https://t.co/7PzcmtFfNJ

    @CVEnew

    6 Jun 2025

    181 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes