CVE-2025-38108
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-07-03

Last updated on: 2025-12-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net_sched: red: fix a race in __red_change() Gerrard Tai reported a race condition in RED, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-03
Last Modified
2025-12-16
Generated
2026-05-07
AI Q&A
2025-07-03
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38108
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.0 (inc) to 5.4.295 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.239 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.186 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.142 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.94 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.34 (exc)
linux linux_kernel From 6.13 (inc) to 6.15.3 (exc)
linux linux_kernel 6.16
debian debian_linux 11.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a race condition in the Linux kernel's RED (Random Early Detection) network scheduler. It occurs when the SFQ perturb timer fires at an incorrect time, causing concurrent operations on the queue discipline (qdisc) to interfere with each other. Specifically, one CPU locks and flushes the backlog while another CPU locks and rehashes the queue, leading to a race that can cause the parent's queue length to underflow. The issue is fixed by changing the function called to purge all packets before releasing the lock, preventing the race.


How can this vulnerability impact me? :

This vulnerability can lead to an underflow of a parent's queue length in the network scheduler, which may cause unexpected behavior in network traffic management. This could potentially disrupt network performance or stability on affected Linux systems.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version where the race condition in the RED qdisc (__red_change) has been fixed. The fix involves replacing qdisc_tree_flush_backlog() with qdisc_purge_queue() to prevent the race condition and potential queue length underflow. Applying the latest kernel patches or updates from your Linux distribution that address this issue is recommended.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart