CVE-2025-38107

{"id": "CVE-2025-38107", "cveTags": [], "metrics": {}, "published": "2025-07-03T09:15:24.273", "references": [{"url": "https://git.kernel.org/stable/c/0383b25488a545be168744336847549d4a2d3d6c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/073f64c03516bcfaf790f8edc772e0cfb8a84ec3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/0b479d0aa488cb478eb2e1d8868be946ac8afb4f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/347867cb424edae5fec1622712c8dd0a2c42918f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d92adacdd8c2960be856e0b82acc5b7c5395fddb", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/eb7b74e9754e1ba2088f914ad1f57a778b11894b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fed94bd51d62d2e0e006aa61480e94e5cd0582b0", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: ets: fix a race in ets_qdisc_change()\n\nGerrard Tai reported a race condition in ETS, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent's qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock."}], "lastModified": "2025-07-03T15:13:53.147", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}