CVE-2025-38083
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-06-20

Last updated on: 2025-12-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-20
Last Modified
2025-12-17
Generated
2026-05-07
AI Q&A
2025-06-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38083
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.0 (inc) to 5.4.295 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.239 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.186 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.142 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.94 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.34 (exc)
linux linux_kernel From 6.13 (inc) to 6.15.3 (exc)
linux linux_kernel 6.16
debian debian_linux 11.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a race condition in the Linux kernel's net_sched subsystem, specifically in the prio_tune() function. It occurs when the SFQ perturb timer fires at an incorrect time, causing concurrent operations on the queueing discipline (qdisc) to overlap improperly. This race can lead to an underflow of a parent's queue length (qlen). The issue arises because one CPU locks and unlocks the root qdisc while another CPU simultaneously locks the root and modifies the queue backlog, leading to inconsistent state. The fix involves replacing qdisc_tree_flush_backlog() with qdisc_purge_queue() to ensure all packets are purged before releasing the lock, preventing the race.


How can this vulnerability impact me? :

This vulnerability can cause the parent queue length to underflow, which may lead to incorrect network traffic scheduling and potential instability in network packet handling. Such behavior could degrade network performance or cause unexpected behavior in systems relying on the Linux kernel's traffic control mechanisms.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by replacing the use of qdisc_tree_flush_backlog() with qdisc_purge_queue() to avoid the race condition. To mitigate this vulnerability immediately, update your Linux kernel to a version where this fix is applied. This ensures that the race condition in prio_tune() is resolved by purging all packets from the qdisc before releasing the lock.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart