CVE-2025-21703 (GCVE-0-2025-21703)
Vulnerability from cvelistv5
Published
2025-02-18 14:37
Modified
2025-05-04 07:19
Summary
In the Linux kernel, the following vulnerability has been resolved: "netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()". qdisc_tree_reduce_backlog() notifies the parent qdisc only if the child qdisc becomes empty; therefore, the backlog of the child qdisc needs to be reduced before calling it. Otherwise the call would miss the opportunity to invoke cops->qlen_notify(). In the case of DRR, this resulted in a use-after-free (UAF), since DRR uses ->qlen_notify() to maintain its active list.
Impacted products
Vendor Product Version
Linux Linux Version: 83c6ab12f08dcc09d4c5ac86fdb89736b28f1d31
Version: 216509dda290f6db92c816dd54b83c1df9da9e76
Version: c2047b0e216c8edce227d7c42f99ac2877dad0e4
Version: 10df49cfca73dfbbdb6c4150d859f7e8926ae427
Version: 3824c5fad18eeb7abe0c4fc966f29959552dca3e
Version: 356078a5c55ec8d2061fcc009fb8599f5b0527f9
Version: f8d4bc455047cf3903cd6f85f49978987dbb3027
Version: f8d4bc455047cf3903cd6f85f49978987dbb3027
   Linux Linux Version: 6.13


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21703",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-18T15:38:37.163490Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T15:46:03.772Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_netem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e395fec75ac2dbffc99b4bce57b7f1f3c5449f2c",
              "status": "affected",
              "version": "83c6ab12f08dcc09d4c5ac86fdb89736b28f1d31",
              "versionType": "git"
            },
            {
              "lessThan": "7f31d74fcc556a9166b1bb20515542de7bb939d1",
              "status": "affected",
              "version": "216509dda290f6db92c816dd54b83c1df9da9e76",
              "versionType": "git"
            },
            {
              "lessThan": "98a2c685293aae122f688cde11d9334dddc5d207",
              "status": "affected",
              "version": "c2047b0e216c8edce227d7c42f99ac2877dad0e4",
              "versionType": "git"
            },
            {
              "lessThan": "7b79ca9a1de6a428d486ff52fb3d602321c08f55",
              "status": "affected",
              "version": "10df49cfca73dfbbdb6c4150d859f7e8926ae427",
              "versionType": "git"
            },
            {
              "lessThan": "1f8e3f4a4b8b90ad274dfbc66fc7d55cb582f4d5",
              "status": "affected",
              "version": "3824c5fad18eeb7abe0c4fc966f29959552dca3e",
              "versionType": "git"
            },
            {
              "lessThan": "6312555249082d6d8cc5321ff725df05482d8b83",
              "status": "affected",
              "version": "356078a5c55ec8d2061fcc009fb8599f5b0527f9",
              "versionType": "git"
            },
            {
              "lessThan": "839ecc583fa00fab785fde1c85a326743657fd32",
              "status": "affected",
              "version": "f8d4bc455047cf3903cd6f85f49978987dbb3027",
              "versionType": "git"
            },
            {
              "lessThan": "638ba5089324796c2ee49af10427459c2de35f71",
              "status": "affected",
              "version": "f8d4bc455047cf3903cd6f85f49978987dbb3027",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_netem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.13"
            },
            {
              "lessThan": "6.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.179",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.129",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.78",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.291",
                  "versionStartIncluding": "5.4.288",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.235",
                  "versionStartIncluding": "5.10.232",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.179",
                  "versionStartIncluding": "5.15.175",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.129",
                  "versionStartIncluding": "6.1.121",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.78",
                  "versionStartIncluding": "6.6.67",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.14",
                  "versionStartIncluding": "6.12.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.3",
                  "versionStartIncluding": "6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "6.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses -\u003eqlen_notify() to maintain its active list."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:19:20.127Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e395fec75ac2dbffc99b4bce57b7f1f3c5449f2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f31d74fcc556a9166b1bb20515542de7bb939d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/98a2c685293aae122f688cde11d9334dddc5d207"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b79ca9a1de6a428d486ff52fb3d602321c08f55"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f8e3f4a4b8b90ad274dfbc66fc7d55cb582f4d5"
        },
        {
          "url": "https://git.kernel.org/stable/c/6312555249082d6d8cc5321ff725df05482d8b83"
        },
        {
          "url": "https://git.kernel.org/stable/c/839ecc583fa00fab785fde1c85a326743657fd32"
        },
        {
          "url": "https://git.kernel.org/stable/c/638ba5089324796c2ee49af10427459c2de35f71"
        }
      ],
      "title": "netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21703",
    "datePublished": "2025-02-18T14:37:44.261Z",
    "dateReserved": "2024-12-29T08:45:45.751Z",
    "dateUpdated": "2025-05-04T07:19:20.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-21703\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-18T15:15:18.633\",\"lastModified\":\"2025-03-24T17:38:41.197\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\\n\\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\\nqdisc becomes empty, therefore we need to reduce the backlog of the\\nchild qdisc before calling it. Otherwise it would miss the opportunity\\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\\nsince DRR uses -\u003eqlen_notify() to maintain its active list.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netem: Actualizar sch-\u0026gt;q.qlen antes de qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() notifica a la qdisc principal solo si la qdisc secundaria se vac\u00eda, por lo tanto, debemos reducir el backlog de la qdisc secundaria antes de llamarla. 
De lo contrario, perder\u00eda la oportunidad de llamar a cops-\u0026gt;qlen_notify(), en el caso de DRR, result\u00f3 en UAF ya que DRR usa -\u0026gt;qlen_notify() para mantener su lista activa.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.288\",\"versionEndExcluding\":\"5.4.291\",\"matchCriteriaId\":\"1FF7C185-6CBF-4EF2-83B3-4FB93242DFF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10.232\",\"versionEndExcluding\":\"5.10.235\",\"matchCriteriaId\":\"AB3C4F74-535B-4D55-8234-E28674C6D696\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15.175\",\"versionEndExcluding\":\"5.15.179\",\"matchCriteriaId\":\"F5BEAC01-7945-4D86-A92F-E46057B48853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.121\",\"versionEndExcluding\":\"6.1.129\",\"matchCriteriaId\":\"6A0092B6-E8B6-447B-8269-C16FD051ABD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6.67\",\"versionEndExcluding\":
\"6.6.78\",\"matchCriteriaId\":\"9B81326A-BA71-48DE-B949-271DF57577D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.12.6\",\"versionEndExcluding\":\"6.12.14\",\"matchCriteriaId\":\"BCF08963-4D69-4A0B-A57A-2B0107804026\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.13.3\",\"matchCriteriaId\":\"0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"186716B6-2B66-4BD0-852E-D48E71C0C85F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1f8e3f4a4b8b90ad274dfbc66fc7d55cb582f4d5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6312555249082d6d8cc5321ff725df05482d8b83\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/638ba5089324796c2ee49af10427459c2de35f71\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7b79ca9a1de6a428d486ff52fb3d602321c08f55\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7f31d74fcc556a9166b1bb20515542de7bb939d1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/839ecc583fa00fab785fde1c85a326743657fd32\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/98a2c685293aae122f688cde11d9334dddc5d207\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e395fec75ac2dbffc99b4bce57b7f1f3c5449f2c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-21703\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-18T15:38:37.163490Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-18T15:38:38.582Z\"}}], \"cna\": {\"title\": \"netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"83c6ab12f08dcc09d4c5ac86fdb89736b28f1d31\", \"lessThan\": \"e395fec75ac2dbffc99b4bce57b7f1f3c5449f2c\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"216509dda290f6db92c816dd54b83c1df9da9e76\", \"lessThan\": \"7f31d74fcc556a9166b1bb20515542de7bb939d1\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"c2047b0e216c8edce227d7c42f99ac2877dad0e4\", \"lessThan\": \"98a2c685293aae122f688cde11d9334dddc5d207\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"10df49cfca73dfbbdb6c4150d859f7e8926ae427\", \"lessThan\": 
\"7b79ca9a1de6a428d486ff52fb3d602321c08f55\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"3824c5fad18eeb7abe0c4fc966f29959552dca3e\", \"lessThan\": \"1f8e3f4a4b8b90ad274dfbc66fc7d55cb582f4d5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"356078a5c55ec8d2061fcc009fb8599f5b0527f9\", \"lessThan\": \"6312555249082d6d8cc5321ff725df05482d8b83\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f8d4bc455047cf3903cd6f85f49978987dbb3027\", \"lessThan\": \"839ecc583fa00fab785fde1c85a326743657fd32\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f8d4bc455047cf3903cd6f85f49978987dbb3027\", \"lessThan\": \"638ba5089324796c2ee49af10427459c2de35f71\", \"versionType\": \"git\"}], \"programFiles\": [\"net/sched/sch_netem.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.13\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.13\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.4.291\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.235\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.179\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.129\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.78\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12.14\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.13.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.13.*\"}, {\"status\": \"unaffected\", 
\"version\": \"6.14\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/sched/sch_netem.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/e395fec75ac2dbffc99b4bce57b7f1f3c5449f2c\"}, {\"url\": \"https://git.kernel.org/stable/c/7f31d74fcc556a9166b1bb20515542de7bb939d1\"}, {\"url\": \"https://git.kernel.org/stable/c/98a2c685293aae122f688cde11d9334dddc5d207\"}, {\"url\": \"https://git.kernel.org/stable/c/7b79ca9a1de6a428d486ff52fb3d602321c08f55\"}, {\"url\": \"https://git.kernel.org/stable/c/1f8e3f4a4b8b90ad274dfbc66fc7d55cb582f4d5\"}, {\"url\": \"https://git.kernel.org/stable/c/6312555249082d6d8cc5321ff725df05482d8b83\"}, {\"url\": \"https://git.kernel.org/stable/c/839ecc583fa00fab785fde1c85a326743657fd32\"}, {\"url\": \"https://git.kernel.org/stable/c/638ba5089324796c2ee49af10427459c2de35f71\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\\n\\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\\nqdisc becomes empty, therefore we need to reduce the backlog of the\\nchild qdisc before calling it. Otherwise it would miss the opportunity\\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\\nsince DRR uses -\u003eqlen_notify() to maintain its active list.\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-03-24T15:39:03.896Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-21703\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-24T15:39:03.896Z\", \"dateReserved\": \"2024-12-29T08:45:45.751Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-02-18T14:37:44.261Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

