CVE-2025-37890

net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc

Description

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/

N/A
CVSS
Severity:
EPSS 0.06%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/273bbcfa53541cde38b2003ad88a59b770306421
https://git.kernel.org/stable/c/e0cf8ee23e1915431f262a7b2dee0c7a7d699af0
https://git.kernel.org/stable/c/e3e949a39a91d1f829a4890e7dfe9417ac72e4d0
https://git.kernel.org/stable/c/8df7d37d626430035b413b97cee18396b3450bef
https://git.kernel.org/stable/c/6082a87af4c52f58150d40dec1716011d871ac21
https://git.kernel.org/stable/c/2e7093c7a8aba5d4f8809f271488e5babe75e202
https://git.kernel.org/stable/c/ac39fd4a757584d78ed062d4f6fd913f83bd98b5
https://git.kernel.org/stable/c/141d34391abbb315d68556b7c67ad97885407547

Frequently Asked Questions

What is the severity of CVE-2025-37890?
CVE-2025-37890 has not yet been assigned a CVSS score.
How to fix CVE-2025-37890?
To fix CVE-2025-37890, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-37890 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-37890 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-37890?
CVE-2025-37890 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.