CVE-2025-37890

UNKNOWN 0.0

net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 16, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea < 273bbcfa53541cde38b2003ad88a59b770306421 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea < e0cf8ee23e1915431f262a7b2dee0c7a7d699af0 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea < e3e949a39a91d1f829a4890e7dfe9417ac72e4d0 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea < 8df7d37d626430035b413b97cee18396b3450bef 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea < 6082a87af4c52f58150d40dec1716011d871ac21 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea < 2e7093c7a8aba5d4f8809f271488e5babe75e202 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea < ac39fd4a757584d78ed062d4f6fd913f83bd98b5 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea < 141d34391abbb315d68556b7c67ad97885407547

Linux / Linux

5.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗