CVE-2025-38177

sch_hfsc: make hfsc_qlen_notify() idempotent

Description

In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life: 1. update_vf() decreases cl->cl_nactive, so we can check whether it is non-zero before calling it. 2. eltree_remove() always removes RB node cl->el_node, but we can use RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0475c85426b18eccdcb7f9fb58d8f8e9c6c58c87
https://git.kernel.org/stable/c/9030a91235ae4845ec71902c3e0cecfc9ed1f2df
https://git.kernel.org/stable/c/d06476714d2819b550e0cc39222347e2c8941c9d
https://git.kernel.org/stable/c/c1175c4ad01dbc9c979d099861fa90a754f72059
https://git.kernel.org/stable/c/51eb3b65544c9efd6a1026889ee5fb5aa62da3bb

Frequently Asked Questions

What is the severity of CVE-2025-38177?
CVE-2025-38177 has not yet been assigned a CVSS score.
How to fix CVE-2025-38177?
To fix CVE-2025-38177, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38177 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38177 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38177?
CVE-2025-38177 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.