CVE-2025-38477
Published Jul 28, 2025
Last updated a month ago
AI description
CVE-2025-38477 is a race condition vulnerability in the Linux kernel's Quick Fair Queueing (QFQ) scheduler. The vulnerability occurs when the 'agg' parameter is modified in `qfq_change_agg` (called during `qfq_enqueue`) while other threads concurrently access it. This can lead to a NULL pointer dereference in `qfq_dump_class` or a use-after-free condition in `qfq_delete_class`. The vulnerability impacts the network scheduling functionality and could lead to system crashes or denial of service. The issue is resolved by moving `qfq_destroy_class` into the critical section and adding `sch_tree_lock` protection to `qfq_dump_class` and `qfq_dump_class_stats` functions. The vulnerability can be triggered locally by users with CAP_NET_ADMIN privileges.
- Description: In the Linux kernel, the following vulnerability has been resolved:

  net/sched: sch_qfq: Fix race condition on qfq_aggregate

  A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a NULL dereference, and qfq_delete_class may cause a use-after-free.

  This patch addresses the issue by:

  1. Moved qfq_destroy_class into the critical section.
  2. Added sch_tree_lock protection to qfq_dump_class and qfq_dump_class_stats.
- Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status: Awaiting Analysis
- Hype score: Not currently trending
Top 5 Trending CVEs: 1 - CVE-2010-5139 2 - CVE-2025-38477 3 - CVE-2025-54574 4 - CVE-2013-3219 5 - CVE-2025-8671 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
9 Nov 2025
kernelCTF: CVE-2025-38477 kernelCTF entry for a race condition in the network scheduler subsystem. Most notably, shows a technique of putting controlled data into unmapped sections of vmlinux. https://t.co/cmGMHb2Irl https://t.co/HoUtU0JAmq
@linkersec
7 Nov 2025
CVE-2025-38477 In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is… https://t.co/R905dMrBsD
@CVEnew
28 Jul 2025