CVE-2025-38083

MEDIUM

Linux Kernel 5.0-6.15.3 - Race Condition in PRIO qdisc_tree_flush_backlog

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.

References (11)

Core 11
Core References

Scores

CVSS v3 4.7
EPSS 0.0009
EPSS Percentile 24.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-362
Status published
Products (28)
debian/debian_linux 11.0
linux/Kernel 5.0.0 - 5.4.295linux
linux/Kernel 5.11.0 - 5.15.186linux
linux/Kernel 5.16.0 - 6.1.142linux
linux/Kernel 5.5.0 - 5.10.239linux
linux/Kernel 6.13.0 - 6.15.3linux
linux/Kernel 6.2.0 - 6.6.94linux
linux/Kernel 6.7.0 - 6.12.34linux
Linux/Linux < 5.0
Linux/Linux 5.0
... and 18 more
Published Jun 20, 2025
Tracked Since Feb 18, 2026