CVE-2025-21971

In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created with classid TC_H_ROOT, the traversal terminates prematurely at this class instead of reaching the actual root qdisc, causing parent statistics to be incorrectly maintained. In case of DRR, this could lead to a crash as reported by Mingi Cho. Prevent the creation of any Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) across all qdisc types, as suggested by Jamal.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/003d92c91cdb5a64b25a9a74cb8543aac9a8bb48	Patch
https://git.kernel.org/stable/c/0c3057a5a04d07120b3d0ec9c79568fceb9c921e	Patch
https://git.kernel.org/stable/c/5c3ca9cb48b51bd72bf76b8b05e24f3cd53db5e7	Patch
https://git.kernel.org/stable/c/78533c4a29ac3aeddce4b481770beaaa4f3bfb67	Patch
https://git.kernel.org/stable/c/7a82fe67a9f4d7123d8e5ba8f0f0806c28695006	Patch
https://git.kernel.org/stable/c/94edfdfb9505ab608e86599d1d1e38c83816fc1c	Patch
https://git.kernel.org/stable/c/e05d9938b1b0ac40b6054cc5fa0ccbd9afd5ed4c	Patch
https://git.kernel.org/stable/c/e5ee00607bbfc97ef1526ea95b6b2458ac9e7cb7	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.25:-::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc6::::::

History

31 Oct 2025, 19:16

Type	Values Removed	Values Added
CWE		CWE-835
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:2.6.25:-:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.14:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc6::::::
References	~~() https://git.kernel.org/stable/c/003d92c91cdb5a64b25a9a74cb8543aac9a8bb48 -~~	() https://git.kernel.org/stable/c/003d92c91cdb5a64b25a9a74cb8543aac9a8bb48 - Patch
References	~~() https://git.kernel.org/stable/c/0c3057a5a04d07120b3d0ec9c79568fceb9c921e -~~	() https://git.kernel.org/stable/c/0c3057a5a04d07120b3d0ec9c79568fceb9c921e - Patch
References	~~() https://git.kernel.org/stable/c/5c3ca9cb48b51bd72bf76b8b05e24f3cd53db5e7 -~~	() https://git.kernel.org/stable/c/5c3ca9cb48b51bd72bf76b8b05e24f3cd53db5e7 - Patch
References	~~() https://git.kernel.org/stable/c/78533c4a29ac3aeddce4b481770beaaa4f3bfb67 -~~	() https://git.kernel.org/stable/c/78533c4a29ac3aeddce4b481770beaaa4f3bfb67 - Patch
References	~~() https://git.kernel.org/stable/c/7a82fe67a9f4d7123d8e5ba8f0f0806c28695006 -~~	() https://git.kernel.org/stable/c/7a82fe67a9f4d7123d8e5ba8f0f0806c28695006 - Patch
References	~~() https://git.kernel.org/stable/c/94edfdfb9505ab608e86599d1d1e38c83816fc1c -~~	() https://git.kernel.org/stable/c/94edfdfb9505ab608e86599d1d1e38c83816fc1c - Patch
References	~~() https://git.kernel.org/stable/c/e05d9938b1b0ac40b6054cc5fa0ccbd9afd5ed4c -~~	() https://git.kernel.org/stable/c/e05d9938b1b0ac40b6054cc5fa0ccbd9afd5ed4c - Patch
References	~~() https://git.kernel.org/stable/c/e5ee00607bbfc97ef1526ea95b6b2458ac9e7cb7 -~~	() https://git.kernel.org/stable/c/e5ee00607bbfc97ef1526ea95b6b2458ac9e7cb7 - Patch

10 Apr 2025, 13:15

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net_sched: Impide la creación de clases con TC_H_ROOT La función qdisc_tree_reduce_backlog() usa TC_H_ROOT como condición de terminación al recorrer el árbol qdisc para actualizar los contadores de backlog primarios. Sin embargo, si se crea una clase con classid TC_H_ROOT, el recorrido termina prematuramente en esta clase en lugar de alcanzar la qdisc root real, lo que provoca que las estadísticas primarias se mantengan incorrectamente. En caso de DRR, esto podría provocar un fallo como lo informó Mingi Cho. Impide la creación de cualquier clase Qdisc con classid TC_H_ROOT (0xFFFFFFFF) en todos los tipos de qdisc, como sugirió Jamal.
References		() https://git.kernel.org/stable/c/003d92c91cdb5a64b25a9a74cb8543aac9a8bb48 - () https://git.kernel.org/stable/c/7a82fe67a9f4d7123d8e5ba8f0f0806c28695006 - () https://git.kernel.org/stable/c/e05d9938b1b0ac40b6054cc5fa0ccbd9afd5ed4c -

01 Apr 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-01 16:15

Updated : 2025-10-31 19:16

NVD link : CVE-2025-21971

Mitre link : CVE-2025-21971

CVE.ORG link : CVE-2025-21971

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

5.5 /10