CVE-2025-37932

MEDIUM

Linux Kernel - Non-Idempotent htb_qlen_notify() in sch_htb

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life.

References (10)

Core 10

Core References

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Patch

https://git.kernel.org/stable/c/e6b45f4de763b00dc1c55e685e2dd1aaf525d3c1

Patch

https://git.kernel.org/stable/c/32ae12ce6a9f6bace186ca7335220ff59b6cc3cd

Patch

https://git.kernel.org/stable/c/967955c9e57f8eebfccc298037d4aaf3d42bc1c9

Patch

https://git.kernel.org/stable/c/73cf6af13153d62f9b76eff422eea79dbc70f15e

Patch

https://git.kernel.org/stable/c/bbbf5e0f87078b715e7a665d662a2c0e77f044ae

Patch

https://git.kernel.org/stable/c/0a188c0e197383683fd093ab1ea6ce9a5869a6ea

Patch

https://git.kernel.org/stable/c/a61f1b5921761fbaf166231418bc1db301e5bf59

Patch

https://git.kernel.org/stable/c/5ba8b837b522d7051ef81bacf3d95383ff8edce5

Scores

CVSS v3 5.5

EPSS 0.0009

EPSS Percentile 25.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (28)

debian/debian_linux 11.0

linux/Kernel 4.14.0 - 5.4.294linux

linux/Kernel 5.11.0 - 5.15.190linux

linux/Kernel 5.16.0 - 6.1.138linux

linux/Kernel 5.5.0 - 5.10.241linux

linux/Kernel 6.13.0 - 6.14.6linux

linux/Kernel 6.2.0 - 6.6.90linux

linux/Kernel 6.7.0 - 6.12.28linux

Linux/Linux < 4.14

Linux/Linux 4.14

... and 18 more

Published May 20, 2025

Tracked Since Feb 18, 2026