CVE-2025-38107

Published Jul 3, 2025

Last updated 4 months ago

CVSS high 7.0

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: fix a race in ets_qdisc_change() Gerrard Tai reported a race condition in ETS, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed
Products: linux_kernel, debian_linux

Risk scores

CVSS 3.1

Type: Primary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-362

Hype score: Not currently trending

CVE-2025-38107 In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: fix a race in ets_qdisc_change() Gerrard Tai reported a race condition in ETS, w… https://t.co/jQyaGjdDNB
@CVEnew
3 Jul 2025
342 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "3F878731-43F1-4A9E-A036-18BFE499C6E4",
            "versionEndExcluding": "5.5",
            "versionStartIncluding": "5.4.213",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4FAD8C22-DA06-4F79-A8D2-AB1B56A900B1",
            "versionEndExcluding": "5.10.239",
            "versionStartIncluding": "5.10.142",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BE850A17-AC1C-491E-B3A5-ED09E1EAEE85",
            "versionEndExcluding": "5.15.186",
            "versionStartIncluding": "5.15.66",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "57133CA5-FEDB-4D53-B672-E46C2DC0AC5F",
            "versionEndExcluding": "6.0",
            "versionStartIncluding": "5.19.8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8A78062F-0E12-479D-872D-6FA9134EBCAE",
            "versionEndExcluding": "6.1.142",
            "versionStartIncluding": "6.0.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "304E3F01-7D7A-4908-994E-7F95C5C00B06",
            "versionEndExcluding": "6.6.94",
            "versionStartIncluding": "6.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4FFA54AA-CDFE-4591-BD07-72813D0948F4",
            "versionEndExcluding": "6.12.34",
            "versionStartIncluding": "6.7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0541C761-BD5E-4C1A-8432-83B375D7EB92",
            "versionEndExcluding": "6.15.3",
            "versionStartIncluding": "6.13",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:-:*:*:*:*:*:*",
            "matchCriteriaId": "7BE551E5-89CF-47A8-9B26-03CE727FBA37",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:*",
            "matchCriteriaId": "F8446E87-F5F6-41CA-8201-BAE0F0CA6DD9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc5:*:*:*:*:*:*",
            "matchCriteriaId": "8E5FB72F-67CE-43CC-83FE-541604D98182",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc6:*:*:*:*:*:*",
            "matchCriteriaId": "3A0A7397-F5F8-4753-82DC-9A11288E696D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc7:*:*:*:*:*:*",
            "matchCriteriaId": "E6DE049A-ABA8-41DD-988C-8C088358EE9B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References