cvelistv5 - cve-2025-38684

CVE-2025-38684 (GCVE-0-2025-38684)

Vulnerability from cvelistv5

Published

2025-09-04 15:32

Modified

2025-09-04 15:32

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: use old 'nbands' while purging unused classes Shuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify() after recent changes from Lion [2]. The problem is: in ets_qdisc_change() we purge unused DWRR queues; the value of 'q->nbands' is the new one, and the cleanup should be done with the old one. The problem is here since my first attempts to fix ets_qdisc_change(), but it surfaced again after the recent qdisc len accounting fixes. Fix it purging idle DWRR queues before assigning a new value of 'q->nbands', so that all purge operations find a consistent configuration: - old 'q->nbands' because it's needed by ets_class_find() - old 'q->nstrict' because it's needed by ets_class_is_strict() BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 62 UID: 0 PID: 39457 Comm: tc Kdump: loaded Not tainted 6.12.0-116.el10.x86_64 #1 PREEMPT(voluntary) Hardware name: Dell Inc. PowerEdge R640/06DKY5, BIOS 2.12.2 07/09/2021 RIP: 0010:__list_del_entry_valid_or_report+0x4/0x80 Code: ff 4c 39 c7 0f 84 39 19 8e ff b8 01 00 00 00 c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <48> 8b 17 48 8b 4f 08 48 85 d2 0f 84 56 19 8e ff 48 85 c9 0f 84 ab RSP: 0018:ffffba186009f400 EFLAGS: 00010202 RAX: 00000000000000d6 RBX: 0000000000000000 RCX: 0000000000000004 RDX: ffff9f0fa29b69c0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffffffc12c2400 R08: 0000000000000008 R09: 0000000000000004 R10: ffffffffffffffff R11: 0000000000000004 R12: 0000000000000000 R13: ffff9f0f8cfe0000 R14: 0000000000100005 R15: 0000000000000000 FS: 00007f2154f37480(0000) GS:ffff9f269c1c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000001530be001 CR4: 00000000007726f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ets_class_qlen_notify+0x65/0x90 [sch_ets] qdisc_tree_reduce_backlog+0x74/0x110 ets_qdisc_change+0x630/0xa40 [sch_ets] __tc_modify_qdisc.constprop.0+0x216/0x7f0 tc_modify_qdisc+0x7c/0x120 rtnetlink_rcv_msg+0x145/0x3f0 netlink_rcv_skb+0x53/0x100 netlink_unicast+0x245/0x390 netlink_sendmsg+0x21b/0x470 ____sys_sendmsg+0x39d/0x3d0 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xd0 do_syscall_64+0x7d/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f2155114084 Code: 89 02 b8 ff ff ff ff eb bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 80 3d 25 f0 0c 00 00 74 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89 RSP: 002b:00007fff1fd7a988 EFLAGS: 00000202 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000560ec063e5e0 RCX: 00007f2155114084 RDX: 0000000000000000 RSI: 00007fff1fd7a9f0 RDI: 0000000000000003 RBP: 00007fff1fd7aa60 R08: 0000000000000010 R09: 000000000000003f R10: 0000560ee9b3a010 R11: 0000000000000202 R12: 00007fff1fd7aae0 R13: 000000006891ccde R14: 0000560ec063e5e0 R15: 00007fff1fd7aad0 </TASK> [1] https://lore.kernel.org/netdev/e08c7f4a6882f260011909a868311c6e9b54f3e4.1639153474.git.dcaratti@redhat.com/ [2] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/5b3b346bc4c2aa2c428735438a11989d251f32f1
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/84a24fb446ee07b22b64aae6f0e3f4a38266310a
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/87c6efc5ce9c126ae4a781bc04504b83780e3650
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/970c1c731c4ede46d05f5b0355724d1e400cfbca
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/97ec167cd2e8a81a2d87331a2ed92daf007542c8
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/bdfddcde86e8b9245d9c0c2efe2b6fe8dcf6bf41
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/be9692dafdfb36d9c43afd9d4e1d9d9ba8e7b51b
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d69f4a258cd91b3bcef7089eb0401005aae2aed5

Impacted products

Vendor

Product

Version

▼

Linux

Version: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33
Version: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33
Version: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33
Version: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33
Version: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33
Version: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33
Version: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33
Version: dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33
Version: 3b290923ad2b23596208c1e29520badef4356a43

Linux

Version: 5.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_ets.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bdfddcde86e8b9245d9c0c2efe2b6fe8dcf6bf41",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "lessThan": "be9692dafdfb36d9c43afd9d4e1d9d9ba8e7b51b",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "lessThan": "97ec167cd2e8a81a2d87331a2ed92daf007542c8",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "lessThan": "84a24fb446ee07b22b64aae6f0e3f4a38266310a",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "lessThan": "5b3b346bc4c2aa2c428735438a11989d251f32f1",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "lessThan": "d69f4a258cd91b3bcef7089eb0401005aae2aed5",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "lessThan": "970c1c731c4ede46d05f5b0355724d1e400cfbca",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "lessThan": "87c6efc5ce9c126ae4a781bc04504b83780e3650",
              "status": "affected",
              "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3b290923ad2b23596208c1e29520badef4356a43",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_ets.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17-rc2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.149",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.103",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.43",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.11",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.2",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17-rc2",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.296",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: use old \u0027nbands\u0027 while purging unused classes\n\nShuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify()\nafter recent changes from Lion [2]. The problem is: in ets_qdisc_change()\nwe purge unused DWRR queues; the value of \u0027q-\u003enbands\u0027 is the new one, and\nthe cleanup should be done with the old one. The problem is here since my\nfirst attempts to fix ets_qdisc_change(), but it surfaced again after the\nrecent qdisc len accounting fixes. Fix it purging idle DWRR queues before\nassigning a new value of \u0027q-\u003enbands\u0027, so that all purge operations find a\nconsistent configuration:\n\n - old \u0027q-\u003enbands\u0027 because it\u0027s needed by ets_class_find()\n - old \u0027q-\u003enstrict\u0027 because it\u0027s needed by ets_class_is_strict()\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 62 UID: 0 PID: 39457 Comm: tc Kdump: loaded Not tainted 6.12.0-116.el10.x86_64 #1 PREEMPT(voluntary)\n Hardware name: Dell Inc. PowerEdge R640/06DKY5, BIOS 2.12.2 07/09/2021\n RIP: 0010:__list_del_entry_valid_or_report+0x4/0x80\n Code: ff 4c 39 c7 0f 84 39 19 8e ff b8 01 00 00 00 c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c48\u003e 8b 17 48 8b 4f 08 48 85 d2 0f 84 56 19 8e ff 48 85 c9 0f 84 ab\n RSP: 0018:ffffba186009f400 EFLAGS: 00010202\n RAX: 00000000000000d6 RBX: 0000000000000000 RCX: 0000000000000004\n RDX: ffff9f0fa29b69c0 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffffffc12c2400 R08: 0000000000000008 R09: 0000000000000004\n R10: ffffffffffffffff R11: 0000000000000004 R12: 0000000000000000\n R13: ffff9f0f8cfe0000 R14: 0000000000100005 R15: 0000000000000000\n FS:  00007f2154f37480(0000) GS:ffff9f269c1c0000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 00000001530be001 CR4: 00000000007726f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n  \u003cTASK\u003e\n  ets_class_qlen_notify+0x65/0x90 [sch_ets]\n  qdisc_tree_reduce_backlog+0x74/0x110\n  ets_qdisc_change+0x630/0xa40 [sch_ets]\n  __tc_modify_qdisc.constprop.0+0x216/0x7f0\n  tc_modify_qdisc+0x7c/0x120\n  rtnetlink_rcv_msg+0x145/0x3f0\n  netlink_rcv_skb+0x53/0x100\n  netlink_unicast+0x245/0x390\n  netlink_sendmsg+0x21b/0x470\n  ____sys_sendmsg+0x39d/0x3d0\n  ___sys_sendmsg+0x9a/0xe0\n  __sys_sendmsg+0x7a/0xd0\n  do_syscall_64+0x7d/0x160\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f2155114084\n Code: 89 02 b8 ff ff ff ff eb bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 80 3d 25 f0 0c 00 00 74 13 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\n RSP: 002b:00007fff1fd7a988 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000560ec063e5e0 RCX: 00007f2155114084\n RDX: 0000000000000000 RSI: 00007fff1fd7a9f0 RDI: 0000000000000003\n RBP: 00007fff1fd7aa60 R08: 0000000000000010 R09: 000000000000003f\n R10: 0000560ee9b3a010 R11: 0000000000000202 R12: 00007fff1fd7aae0\n R13: 000000006891ccde R14: 0000560ec063e5e0 R15: 00007fff1fd7aad0\n  \u003c/TASK\u003e\n\n [1] https://lore.kernel.org/netdev/e08c7f4a6882f260011909a868311c6e9b54f3e4.1639153474.git.dcaratti@redhat.com/\n [2] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-04T15:32:38.927Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bdfddcde86e8b9245d9c0c2efe2b6fe8dcf6bf41"
        },
        {
          "url": "https://git.kernel.org/stable/c/be9692dafdfb36d9c43afd9d4e1d9d9ba8e7b51b"
        },
        {
          "url": "https://git.kernel.org/stable/c/97ec167cd2e8a81a2d87331a2ed92daf007542c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/84a24fb446ee07b22b64aae6f0e3f4a38266310a"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b3b346bc4c2aa2c428735438a11989d251f32f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/d69f4a258cd91b3bcef7089eb0401005aae2aed5"
        },
        {
          "url": "https://git.kernel.org/stable/c/970c1c731c4ede46d05f5b0355724d1e400cfbca"
        },
        {
          "url": "https://git.kernel.org/stable/c/87c6efc5ce9c126ae4a781bc04504b83780e3650"
        }
      ],
      "title": "net/sched: ets: use old \u0027nbands\u0027 while purging unused classes",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38684",
    "datePublished": "2025-09-04T15:32:38.927Z",
    "dateReserved": "2025-04-16T04:51:24.032Z",
    "dateUpdated": "2025-09-04T15:32:38.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38684\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-04T16:15:36.210\",\"lastModified\":\"2025-09-05T17:47:24.833\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/sched: ets: use old \u0027nbands\u0027 while purging unused classes\\n\\nShuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify()\\nafter recent changes from Lion [2]. The problem is: in ets_qdisc_change()\\nwe purge unused DWRR queues; the value of \u0027q-\u003enbands\u0027 is the new one, and\\nthe cleanup should be done with the old one. The problem is here since my\\nfirst attempts to fix ets_qdisc_change(), but it surfaced again after the\\nrecent qdisc len accounting fixes. Fix it purging idle DWRR queues before\\nassigning a new value of \u0027q-\u003enbands\u0027, so that all purge operations find a\\nconsistent configuration:\\n\\n - old \u0027q-\u003enbands\u0027 because it\u0027s needed by ets_class_find()\\n - old \u0027q-\u003enstrict\u0027 because it\u0027s needed by ets_class_is_strict()\\n\\n BUG: kernel NULL pointer dereference, address: 0000000000000000\\n #PF: supervisor read access in kernel mode\\n #PF: error_code(0x0000) - not-present page\\n PGD 0 P4D 0\\n Oops: Oops: 0000 [#1] SMP NOPTI\\n CPU: 62 UID: 0 PID: 39457 Comm: tc Kdump: loaded Not tainted 6.12.0-116.el10.x86_64 #1 PREEMPT(voluntary)\\n Hardware name: Dell Inc. PowerEdge R640/06DKY5, BIOS 2.12.2 07/09/2021\\n RIP: 0010:__list_del_entry_valid_or_report+0x4/0x80\\n Code: ff 4c 39 c7 0f 84 39 19 8e ff b8 01 00 00 00 c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c48\u003e 8b 17 48 8b 4f 08 48 85 d2 0f 84 56 19 8e ff 48 85 c9 0f 84 ab\\n RSP: 0018:ffffba186009f400 EFLAGS: 00010202\\n RAX: 00000000000000d6 RBX: 0000000000000000 RCX: 0000000000000004\\n RDX: ffff9f0fa29b69c0 RSI: 0000000000000000 RDI: 0000000000000000\\n RBP: ffffffffc12c2400 R08: 0000000000000008 R09: 0000000000000004\\n R10: ffffffffffffffff R11: 0000000000000004 R12: 0000000000000000\\n R13: ffff9f0f8cfe0000 R14: 0000000000100005 R15: 0000000000000000\\n FS:  00007f2154f37480(0000) GS:ffff9f269c1c0000(0000) knlGS:0000000000000000\\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n CR2: 0000000000000000 CR3: 00000001530be001 CR4: 00000000007726f0\\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\n PKRU: 55555554\\n Call Trace:\\n  \u003cTASK\u003e\\n  ets_class_qlen_notify+0x65/0x90 [sch_ets]\\n  qdisc_tree_reduce_backlog+0x74/0x110\\n  ets_qdisc_change+0x630/0xa40 [sch_ets]\\n  __tc_modify_qdisc.constprop.0+0x216/0x7f0\\n  tc_modify_qdisc+0x7c/0x120\\n  rtnetlink_rcv_msg+0x145/0x3f0\\n  netlink_rcv_skb+0x53/0x100\\n  netlink_unicast+0x245/0x390\\n  netlink_sendmsg+0x21b/0x470\\n  ____sys_sendmsg+0x39d/0x3d0\\n  ___sys_sendmsg+0x9a/0xe0\\n  __sys_sendmsg+0x7a/0xd0\\n  do_syscall_64+0x7d/0x160\\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n RIP: 0033:0x7f2155114084\\n Code: 89 02 b8 ff ff ff ff eb bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 80 3d 25 f0 0c 00 00 74 13 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\\n RSP: 002b:00007fff1fd7a988 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\\n RAX: ffffffffffffffda RBX: 0000560ec063e5e0 RCX: 00007f2155114084\\n RDX: 0000000000000000 RSI: 00007fff1fd7a9f0 RDI: 0000000000000003\\n RBP: 00007fff1fd7aa60 R08: 0000000000000010 R09: 000000000000003f\\n R10: 0000560ee9b3a010 R11: 0000000000000202 R12: 00007fff1fd7aae0\\n R13: 000000006891ccde R14: 0000560ec063e5e0 R15: 00007fff1fd7aad0\\n  \u003c/TASK\u003e\\n\\n [1] https://lore.kernel.org/netdev/e08c7f4a6882f260011909a868311c6e9b54f3e4.1639153474.git.dcaratti@redhat.com/\\n [2] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/5b3b346bc4c2aa2c428735438a11989d251f32f1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/84a24fb446ee07b22b64aae6f0e3f4a38266310a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/87c6efc5ce9c126ae4a781bc04504b83780e3650\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/970c1c731c4ede46d05f5b0355724d1e400cfbca\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/97ec167cd2e8a81a2d87331a2ed92daf007542c8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bdfddcde86e8b9245d9c0c2efe2b6fe8dcf6bf41\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/be9692dafdfb36d9c43afd9d4e1d9d9ba8e7b51b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d69f4a258cd91b3bcef7089eb0401005aae2aed5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

wid-sec-w-2025-1976

Vulnerability from csaf_certbund

Published

2025-09-04 22:00

Modified

2025-09-09 22:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder andere nicht spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder andere nicht spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1976 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1976.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1976 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1976"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38679",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090443-CVE-2025-38679-be66@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38680",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090445-CVE-2025-38680-cce6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38681",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090446-CVE-2025-38681-db66@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38682",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090446-CVE-2025-38682-a90a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38683",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090446-CVE-2025-38683-573c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38684",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090447-CVE-2025-38684-db4c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38685",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090447-CVE-2025-38685-d633@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38686",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090447-CVE-2025-38686-281b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38687",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090448-CVE-2025-38687-564a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38688",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090448-CVE-2025-38688-6e94@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38689",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090448-CVE-2025-38689-ac95@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38690",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090449-CVE-2025-38690-ea6c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38691",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090449-CVE-2025-38691-8a2e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38692",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090450-CVE-2025-38692-90f5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38693",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090450-CVE-2025-38693-aeb5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38694",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090450-CVE-2025-38694-056d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38695",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090451-CVE-2025-38695-f491@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38696",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090451-CVE-2025-38696-4ec2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38697",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090451-CVE-2025-38697-b37e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38698",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090452-CVE-2025-38698-e0e3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38699",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090452-CVE-2025-38699-9ca5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38700",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090452-CVE-2025-38700-0c1b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38701",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090453-CVE-2025-38701-691e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38702",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090453-CVE-2025-38702-0b09@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38703",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090453-CVE-2025-38703-2f5c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38704",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090454-CVE-2025-38704-4353@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38705",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090454-CVE-2025-38705-7cd6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38706",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090455-CVE-2025-38706-da55@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38707",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090455-CVE-2025-38707-5808@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38708",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090455-CVE-2025-38708-6792@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38709",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090456-CVE-2025-38709-f62c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38710",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090456-CVE-2025-38710-1b60@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38711",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090456-CVE-2025-38711-b653@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38712",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090457-CVE-2025-38712-6273@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38713",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090457-CVE-2025-38713-dc89@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38714",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090457-CVE-2025-38714-36f0@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38715",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090458-CVE-2025-38715-8464@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38716",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090458-CVE-2025-38716-4971@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38717",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090459-CVE-2025-38717-fbf6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38718",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090459-CVE-2025-38718-5bb6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38719",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090459-CVE-2025-38719-16b4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38720",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090400-CVE-2025-38720-a45e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38721",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090400-CVE-2025-38721-e31a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38722",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090400-CVE-2025-38722-de5f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38723",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090401-CVE-2025-38723-18f0@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38724",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090401-CVE-2025-38724-5309@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38725",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090401-CVE-2025-38725-eb3f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38726",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090402-CVE-2025-38726-e4a8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38727",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090402-CVE-2025-38727-a22c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38728",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090402-CVE-2025-38728-191d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38729",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090403-CVE-2025-38729-ca88@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38730",
        "url": "https://lore.kernel.org/linux-cve-announce/2025090403-CVE-2025-38730-f2e6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2025-09-09",
        "url": "https://msrc.microsoft.com/update-guide/"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2025-09-09T22:00:00.000+00:00",
      "generator": {
        "date": "2025-09-10T05:06:40.011+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1976",
      "initial_release_date": "2025-09-04T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-09-04T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-09-07T22:00:00.000+00:00",
          "number": "2",
          "summary": "Produktzuordnung \u00fcberpr\u00fcft, CPE korrigiert"
        },
        {
          "date": "2025-09-09T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Linux Kernel \u003c6.6.96.2-1 on Linux 3.0",
                "product": {
                  "name": "Microsoft Azure Linux Kernel \u003c6.6.96.2-1 on Linux 3.0",
                  "product_id": "T046805"
                }
              },
              {
                "category": "product_version",
                "name": "Linux Kernel 6.6.96.2-1 on Linux 3.0",
                "product": {
                  "name": "Microsoft Azure Linux Kernel 6.6.96.2-1 on Linux 3.0",
                  "product_id": "T046805-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:azure:linux_kernel__6.6.96.2-1_on_linux_3.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Azure"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "6368",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-38679",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38679"
    },
    {
      "cve": "CVE-2025-38680",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38680"
    },
    {
      "cve": "CVE-2025-38681",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38681"
    },
    {
      "cve": "CVE-2025-38682",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38682"
    },
    {
      "cve": "CVE-2025-38683",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38683"
    },
    {
      "cve": "CVE-2025-38684",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38684"
    },
    {
      "cve": "CVE-2025-38685",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38685"
    },
    {
      "cve": "CVE-2025-38686",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38686"
    },
    {
      "cve": "CVE-2025-38687",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38687"
    },
    {
      "cve": "CVE-2025-38688",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38688"
    },
    {
      "cve": "CVE-2025-38689",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38689"
    },
    {
      "cve": "CVE-2025-38690",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38690"
    },
    {
      "cve": "CVE-2025-38691",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38691"
    },
    {
      "cve": "CVE-2025-38692",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38692"
    },
    {
      "cve": "CVE-2025-38693",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38693"
    },
    {
      "cve": "CVE-2025-38694",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38694"
    },
    {
      "cve": "CVE-2025-38695",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38695"
    },
    {
      "cve": "CVE-2025-38696",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38696"
    },
    {
      "cve": "CVE-2025-38697",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38697"
    },
    {
      "cve": "CVE-2025-38698",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38698"
    },
    {
      "cve": "CVE-2025-38699",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38699"
    },
    {
      "cve": "CVE-2025-38700",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38700"
    },
    {
      "cve": "CVE-2025-38701",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38701"
    },
    {
      "cve": "CVE-2025-38702",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38702"
    },
    {
      "cve": "CVE-2025-38703",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38703"
    },
    {
      "cve": "CVE-2025-38704",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38704"
    },
    {
      "cve": "CVE-2025-38705",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38705"
    },
    {
      "cve": "CVE-2025-38706",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38706"
    },
    {
      "cve": "CVE-2025-38707",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38707"
    },
    {
      "cve": "CVE-2025-38708",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38708"
    },
    {
      "cve": "CVE-2025-38709",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38709"
    },
    {
      "cve": "CVE-2025-38710",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38710"
    },
    {
      "cve": "CVE-2025-38711",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38711"
    },
    {
      "cve": "CVE-2025-38712",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38712"
    },
    {
      "cve": "CVE-2025-38713",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38713"
    },
    {
      "cve": "CVE-2025-38714",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38714"
    },
    {
      "cve": "CVE-2025-38715",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38715"
    },
    {
      "cve": "CVE-2025-38716",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38716"
    },
    {
      "cve": "CVE-2025-38717",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38717"
    },
    {
      "cve": "CVE-2025-38718",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38718"
    },
    {
      "cve": "CVE-2025-38719",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38719"
    },
    {
      "cve": "CVE-2025-38720",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38720"
    },
    {
      "cve": "CVE-2025-38721",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38721"
    },
    {
      "cve": "CVE-2025-38722",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38722"
    },
    {
      "cve": "CVE-2025-38723",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38723"
    },
    {
      "cve": "CVE-2025-38724",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38724"
    },
    {
      "cve": "CVE-2025-38725",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38725"
    },
    {
      "cve": "CVE-2025-38726",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38726"
    },
    {
      "cve": "CVE-2025-38727",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38727"
    },
    {
      "cve": "CVE-2025-38728",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38728"
    },
    {
      "cve": "CVE-2025-38729",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38729"
    },
    {
      "cve": "CVE-2025-38730",
      "product_status": {
        "known_affected": [
          "T046805",
          "6368"
        ]
      },
      "release_date": "2025-09-04T22:00:00.000+00:00",
      "title": "CVE-2025-38730"
    }
  ]
}

ghsa-fcgw-gqq6-4hgf

Vulnerability from github

Published

2025-09-05 18:31

Modified

2025-09-05 18:31

Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: ets: use old 'nbands' while purging unused classes

Shuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify() after recent changes from Lion [2]. The problem is: in ets_qdisc_change() we purge unused DWRR queues; the value of 'q->nbands' is the new one, and the cleanup should be done with the old one. The problem is here since my first attempts to fix ets_qdisc_change(), but it surfaced again after the recent qdisc len accounting fixes. Fix it purging idle DWRR queues before assigning a new value of 'q->nbands', so that all purge operations find a consistent configuration:

old 'q->nbands' because it's needed by ets_class_find()
old 'q->nstrict' because it's needed by ets_class_is_strict()

BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 62 UID: 0 PID: 39457 Comm: tc Kdump: loaded Not tainted 6.12.0-116.el10.x86_64 #1 PREEMPT(voluntary) Hardware name: Dell Inc. PowerEdge R640/06DKY5, BIOS 2.12.2 07/09/2021 RIP: 0010:__list_del_entry_valid_or_report+0x4/0x80 Code: ff 4c 39 c7 0f 84 39 19 8e ff b8 01 00 00 00 c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <48> 8b 17 48 8b 4f 08 48 85 d2 0f 84 56 19 8e ff 48 85 c9 0f 84 ab RSP: 0018:ffffba186009f400 EFLAGS: 00010202 RAX: 00000000000000d6 RBX: 0000000000000000 RCX: 0000000000000004 RDX: ffff9f0fa29b69c0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffffffc12c2400 R08: 0000000000000008 R09: 0000000000000004 R10: ffffffffffffffff R11: 0000000000000004 R12: 0000000000000000 R13: ffff9f0f8cfe0000 R14: 0000000000100005 R15: 0000000000000000 FS: 00007f2154f37480(0000) GS:ffff9f269c1c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000001530be001 CR4: 00000000007726f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: ets_class_qlen_notify+0x65/0x90 [sch_ets] qdisc_tree_reduce_backlog+0x74/0x110 ets_qdisc_change+0x630/0xa40 [sch_ets] __tc_modify_qdisc.constprop.0+0x216/0x7f0 tc_modify_qdisc+0x7c/0x120 rtnetlink_rcv_msg+0x145/0x3f0 netlink_rcv_skb+0x53/0x100 netlink_unicast+0x245/0x390 netlink_sendmsg+0x21b/0x470 _syssendmsg+0x39d/0x3d0 _sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xd0 do_syscall_64+0x7d/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f2155114084 Code: 89 02 b8 ff ff ff ff eb bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 80 3d 25 f0 0c 00 00 74 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89 RSP: 002b:00007fff1fd7a988 EFLAGS: 00000202 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000560ec063e5e0 RCX: 00007f2155114084 RDX: 0000000000000000 RSI: 00007fff1fd7a9f0 RDI: 0000000000000003 RBP: 00007fff1fd7aa60 R08: 0000000000000010 R09: 000000000000003f R10: 0000560ee9b3a010 R11: 0000000000000202 R12: 00007fff1fd7aae0 R13: 000000006891ccde R14: 0000560ec063e5e0 R15: 00007fff1fd7aad0

[1] https://lore.kernel.org/netdev/e08c7f4a6882f260011909a868311c6e9b54f3e4.1639153474.git.dcaratti@redhat.com/ [2] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-38684"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-04T16:15:36Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: use old \u0027nbands\u0027 while purging unused classes\n\nShuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify()\nafter recent changes from Lion [2]. The problem is: in ets_qdisc_change()\nwe purge unused DWRR queues; the value of \u0027q-\u003enbands\u0027 is the new one, and\nthe cleanup should be done with the old one. The problem is here since my\nfirst attempts to fix ets_qdisc_change(), but it surfaced again after the\nrecent qdisc len accounting fixes. Fix it purging idle DWRR queues before\nassigning a new value of \u0027q-\u003enbands\u0027, so that all purge operations find a\nconsistent configuration:\n\n - old \u0027q-\u003enbands\u0027 because it\u0027s needed by ets_class_find()\n - old \u0027q-\u003enstrict\u0027 because it\u0027s needed by ets_class_is_strict()\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 62 UID: 0 PID: 39457 Comm: tc Kdump: loaded Not tainted 6.12.0-116.el10.x86_64 #1 PREEMPT(voluntary)\n Hardware name: Dell Inc. PowerEdge R640/06DKY5, BIOS 2.12.2 07/09/2021\n RIP: 0010:__list_del_entry_valid_or_report+0x4/0x80\n Code: ff 4c 39 c7 0f 84 39 19 8e ff b8 01 00 00 00 c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c48\u003e 8b 17 48 8b 4f 08 48 85 d2 0f 84 56 19 8e ff 48 85 c9 0f 84 ab\n RSP: 0018:ffffba186009f400 EFLAGS: 00010202\n RAX: 00000000000000d6 RBX: 0000000000000000 RCX: 0000000000000004\n RDX: ffff9f0fa29b69c0 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffffffc12c2400 R08: 0000000000000008 R09: 0000000000000004\n R10: ffffffffffffffff R11: 0000000000000004 R12: 0000000000000000\n R13: ffff9f0f8cfe0000 R14: 0000000000100005 R15: 0000000000000000\n FS:  00007f2154f37480(0000) GS:ffff9f269c1c0000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 00000001530be001 CR4: 00000000007726f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n  \u003cTASK\u003e\n  ets_class_qlen_notify+0x65/0x90 [sch_ets]\n  qdisc_tree_reduce_backlog+0x74/0x110\n  ets_qdisc_change+0x630/0xa40 [sch_ets]\n  __tc_modify_qdisc.constprop.0+0x216/0x7f0\n  tc_modify_qdisc+0x7c/0x120\n  rtnetlink_rcv_msg+0x145/0x3f0\n  netlink_rcv_skb+0x53/0x100\n  netlink_unicast+0x245/0x390\n  netlink_sendmsg+0x21b/0x470\n  ____sys_sendmsg+0x39d/0x3d0\n  ___sys_sendmsg+0x9a/0xe0\n  __sys_sendmsg+0x7a/0xd0\n  do_syscall_64+0x7d/0x160\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f2155114084\n Code: 89 02 b8 ff ff ff ff eb bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 80 3d 25 f0 0c 00 00 74 13 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\n RSP: 002b:00007fff1fd7a988 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000560ec063e5e0 RCX: 00007f2155114084\n RDX: 0000000000000000 RSI: 00007fff1fd7a9f0 RDI: 0000000000000003\n RBP: 00007fff1fd7aa60 R08: 0000000000000010 R09: 000000000000003f\n R10: 0000560ee9b3a010 R11: 0000000000000202 R12: 00007fff1fd7aae0\n R13: 000000006891ccde R14: 0000560ec063e5e0 R15: 00007fff1fd7aad0\n  \u003c/TASK\u003e\n\n [1] https://lore.kernel.org/netdev/e08c7f4a6882f260011909a868311c6e9b54f3e4.1639153474.git.dcaratti@redhat.com/\n [2] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
  "id": "GHSA-fcgw-gqq6-4hgf",
  "modified": "2025-09-05T18:31:15Z",
  "published": "2025-09-05T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38684"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5b3b346bc4c2aa2c428735438a11989d251f32f1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/84a24fb446ee07b22b64aae6f0e3f4a38266310a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/87c6efc5ce9c126ae4a781bc04504b83780e3650"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/970c1c731c4ede46d05f5b0355724d1e400cfbca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/97ec167cd2e8a81a2d87331a2ed92daf007542c8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bdfddcde86e8b9245d9c0c2efe2b6fe8dcf6bf41"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/be9692dafdfb36d9c43afd9d4e1d9d9ba8e7b51b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d69f4a258cd91b3bcef7089eb0401005aae2aed5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2025-38684

Vulnerability from fkie_nvd

Published

2025-09-04 16:15

Modified

2025-09-05 17:47

Severity ?

Summary

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/5b3b346bc4c2aa2c428735438a11989d251f32f1
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/84a24fb446ee07b22b64aae6f0e3f4a38266310a
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/87c6efc5ce9c126ae4a781bc04504b83780e3650
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/970c1c731c4ede46d05f5b0355724d1e400cfbca
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/97ec167cd2e8a81a2d87331a2ed92daf007542c8
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/bdfddcde86e8b9245d9c0c2efe2b6fe8dcf6bf41
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/be9692dafdfb36d9c43afd9d4e1d9d9ba8e7b51b
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d69f4a258cd91b3bcef7089eb0401005aae2aed5

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: use old \u0027nbands\u0027 while purging unused classes\n\nShuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify()\nafter recent changes from Lion [2]. The problem is: in ets_qdisc_change()\nwe purge unused DWRR queues; the value of \u0027q-\u003enbands\u0027 is the new one, and\nthe cleanup should be done with the old one. The problem is here since my\nfirst attempts to fix ets_qdisc_change(), but it surfaced again after the\nrecent qdisc len accounting fixes. Fix it purging idle DWRR queues before\nassigning a new value of \u0027q-\u003enbands\u0027, so that all purge operations find a\nconsistent configuration:\n\n - old \u0027q-\u003enbands\u0027 because it\u0027s needed by ets_class_find()\n - old \u0027q-\u003enstrict\u0027 because it\u0027s needed by ets_class_is_strict()\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 62 UID: 0 PID: 39457 Comm: tc Kdump: loaded Not tainted 6.12.0-116.el10.x86_64 #1 PREEMPT(voluntary)\n Hardware name: Dell Inc. PowerEdge R640/06DKY5, BIOS 2.12.2 07/09/2021\n RIP: 0010:__list_del_entry_valid_or_report+0x4/0x80\n Code: ff 4c 39 c7 0f 84 39 19 8e ff b8 01 00 00 00 c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c48\u003e 8b 17 48 8b 4f 08 48 85 d2 0f 84 56 19 8e ff 48 85 c9 0f 84 ab\n RSP: 0018:ffffba186009f400 EFLAGS: 00010202\n RAX: 00000000000000d6 RBX: 0000000000000000 RCX: 0000000000000004\n RDX: ffff9f0fa29b69c0 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffffffc12c2400 R08: 0000000000000008 R09: 0000000000000004\n R10: ffffffffffffffff R11: 0000000000000004 R12: 0000000000000000\n R13: ffff9f0f8cfe0000 R14: 0000000000100005 R15: 0000000000000000\n FS:  00007f2154f37480(0000) GS:ffff9f269c1c0000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 00000001530be001 CR4: 00000000007726f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n  \u003cTASK\u003e\n  ets_class_qlen_notify+0x65/0x90 [sch_ets]\n  qdisc_tree_reduce_backlog+0x74/0x110\n  ets_qdisc_change+0x630/0xa40 [sch_ets]\n  __tc_modify_qdisc.constprop.0+0x216/0x7f0\n  tc_modify_qdisc+0x7c/0x120\n  rtnetlink_rcv_msg+0x145/0x3f0\n  netlink_rcv_skb+0x53/0x100\n  netlink_unicast+0x245/0x390\n  netlink_sendmsg+0x21b/0x470\n  ____sys_sendmsg+0x39d/0x3d0\n  ___sys_sendmsg+0x9a/0xe0\n  __sys_sendmsg+0x7a/0xd0\n  do_syscall_64+0x7d/0x160\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f2155114084\n Code: 89 02 b8 ff ff ff ff eb bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 80 3d 25 f0 0c 00 00 74 13 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\n RSP: 002b:00007fff1fd7a988 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000560ec063e5e0 RCX: 00007f2155114084\n RDX: 0000000000000000 RSI: 00007fff1fd7a9f0 RDI: 0000000000000003\n RBP: 00007fff1fd7aa60 R08: 0000000000000010 R09: 000000000000003f\n R10: 0000560ee9b3a010 R11: 0000000000000202 R12: 00007fff1fd7aae0\n R13: 000000006891ccde R14: 0000560ec063e5e0 R15: 00007fff1fd7aad0\n  \u003c/TASK\u003e\n\n [1] https://lore.kernel.org/netdev/e08c7f4a6882f260011909a868311c6e9b54f3e4.1639153474.git.dcaratti@redhat.com/\n [2] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/"
    }
  ],
  "id": "CVE-2025-38684",
  "lastModified": "2025-09-05T17:47:24.833",
  "metrics": {},
  "published": "2025-09-04T16:15:36.210",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5b3b346bc4c2aa2c428735438a11989d251f32f1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/84a24fb446ee07b22b64aae6f0e3f4a38266310a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/87c6efc5ce9c126ae4a781bc04504b83780e3650"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/970c1c731c4ede46d05f5b0355724d1e400cfbca"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/97ec167cd2e8a81a2d87331a2ed92daf007542c8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bdfddcde86e8b9245d9c0c2efe2b6fe8dcf6bf41"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/be9692dafdfb36d9c43afd9d4e1d9d9ba8e7b51b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d69f4a258cd91b3bcef7089eb0401005aae2aed5"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-38684 (GCVE-0-2025-38684)

Vulnerability from cvelistv5

wid-sec-w-2025-1976

Vulnerability from csaf_certbund

ghsa-fcgw-gqq6-4hgf

Vulnerability from github

fkie_cve-2025-38684

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature