CVE-2025-37914
net_sched: ets: Fix double list add in class with netem as child qdisc
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
20 mai 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In the Linux kernel, the following vulnerability has been resolved:
net_sched: ets: Fix double list add in class with netem as child qdisc
As described in Gerrard's report [1], there are use cases where a netem
child qdisc will make the parent qdisc's enqueue callback reentrant.
In the case of ets, there won't be a UAF, but the code will add the same
classifier to the list twice, which will cause memory corruption.
In addition to checking for qlen being zero, this patch checks whether
the class was already added to the active_list (cl_is_active) before
doing the addition to cater for the reentrant case.
[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/
Produtos afetados
Linux · LinuxReferências
https://git.kernel.org/stable/c/1a6d0c00fa07972384b0c308c72db091d49988b6https://git.kernel.org/stable/c/1f01e9f961605eb397c6ecd1d7b0233dfbf9077chttps://git.kernel.org/stable/c/24388ba0a1b1b6d4af1b205927ac7f7b119ee4eahttps://git.kernel.org/stable/c/554acc5a2ea9703e08023eb9a003f9e5a830a502https://git.kernel.org/stable/c/72c3da7e6ceb74e74ddbb5a305a35c9fdfcac6e3https://git.kernel.org/stable/c/9efb6a0fa88e0910d079fdfeb4f7ce4d4ac6c990https://git.kernel.org/stable/c/bc321f714de693aae06e3786f88df2975376d996https://lists.debian.org/debian-lts-announce/2025/08/msg00010.htmlhttps://lists.debian.org/debian-lts-announce/2025/10/msg00007.html