CVE-2025-38083

net_sched: prio: fix a race in prio_tune()

Description

In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/53d11560e957d53ee87a0653d258038ce12361b7
https://git.kernel.org/stable/c/4483d8b9127591c60c4eb789d6cab953bc4522a9
https://git.kernel.org/stable/c/20f68e6a9e41693cb0e55e5b9ebbcb40983a4b8f
https://git.kernel.org/stable/c/3aaa7c01cf19d9b9bb64b88b65c3a6fd05da2eb4
https://git.kernel.org/stable/c/46c15c9d0f65c9ba857d63f53264f4b17e8a715f
https://git.kernel.org/stable/c/e3f6745006dc9423d2b065b90f191cfa11b1b584
https://git.kernel.org/stable/c/93f9eeb678d4c9c1abf720b3615fa8299a490845
https://git.kernel.org/stable/c/d35acc1be3480505b5931f17e4ea9b7617fea4d3

Frequently Asked Questions

What is the severity of CVE-2025-38083?
CVE-2025-38083 has not yet been assigned a CVSS score.
How to fix CVE-2025-38083?
To fix CVE-2025-38083, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38083 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38083 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38083?
CVE-2025-38083 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.