Description
In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created with classid TC_H_ROOT, the traversal terminates prematurely at this class instead of reaching the actual root qdisc, causing parent statistics to be incorrectly maintained. In case of DRR, this could lead to a crash as reported by Mingi Cho. Prevent the creation of any Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) across all qdisc types, as suggested by Jamal.
References (10)
Scores
CVSS v3
5.5
EPSS
0.0008
EPSS Percentile
23.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-835
Status
published
Products (10)
linux/Kernel
2.6.25 - 5.4.292linux
linux/Kernel
5.11.0 - 5.15.180linux
linux/Kernel
5.16.0 - 6.1.132linux
linux/Kernel
5.5.0 - 5.10.236linux
linux/Kernel
6.13.0 - 6.13.8linux
linux/Kernel
6.2.0 - 6.6.84linux
linux/Kernel
6.7.0 - 6.12.20linux
linux/linux_kernel
2.6.25
linux/linux_kernel
6.14 rc1 (6 CPE variants)
linux/linux_kernel
2.6.26 - 5.4.292
Published
Apr 01, 2025
Tracked Since
Feb 18, 2026