CVE-2025-38193
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-12-18
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 2.6.13 (inc) to 5.4.297 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.240 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.186 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.142 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.95 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.35 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.4 (exc) |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 6.16 |
| debian | debian_linux | 11.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's net_sched component involves the SFQ (Stochastic Fairness Queueing) scheduler's perturb_period parameter, which previously lacked proper range checking. Without validation, setting perturb_period to invalid values (such as negative or excessively large numbers) could trigger a race condition. The issue was fixed by ensuring that perturb_period multiplied by HZ (the kernel timer frequency) does not overflow and remains positive, preventing invalid configurations that could cause errors or instability.
How can this vulnerability impact me?
If exploited, this vulnerability could cause a race condition in the Linux kernel's SFQ scheduler, potentially leading to kernel instability or unexpected behavior in network traffic scheduling. This could affect system reliability or performance, especially in environments relying on precise traffic control.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the configuration of the SFQ (Stochastic Fairness Queueing) qdisc on your network interfaces using the 'tc' command. Specifically, you can try setting invalid perturb_period values to see if errors occur, indicating the presence of the vulnerability. Example commands include:

- `tc qd add dev lo root sfq perturb -10` # should return error for negative value
- `tc qd add dev lo root sfq perturb 1000000000` # should return error for too large value
- `tc qd add dev lo root sfq perturb 2000000` # acceptable value
- `tc -s -d qd sh dev lo` # to show detailed statistics and configuration of the SFQ qdisc

If invalid perturb_period values are accepted without error, the system may be vulnerable.
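A user-space model of the range check described in the answers above, run on the three perturb values from the tc commands (an added example, not the kernel's code and not part of the original page). `MODEL_HZ` and the function names are assumptions; HZ depends on how the kernel was built.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_HZ 1000 /* assumption: HZ is a kernel build option, 1000 is one common value */

/* Value a 32-bit signed field would hold after an unchecked period * HZ.
 * Done in unsigned arithmetic so the wraparound is well defined in this model. */
static int32_t unchecked_jiffies(int32_t period_s, int32_t hz)
{
    uint32_t u = (uint32_t)period_s * (uint32_t)hz; /* wraps modulo 2^32 */
    int64_t w = u;

    if (w > INT32_MAX)
        w -= 4294967296LL; /* reinterpret the bit pattern as two's complement */
    return (int32_t)w;
}

/* Range check modelled on the fix the page describes: reject a negative
 * period and any period whose product with HZ would not fit in an int.
 * Zero (no perturbation) passes. Returns 0 and stores the product, or -EINVAL. */
static int checked_jiffies(int32_t period_s, int32_t hz, int32_t *out)
{
    if (period_s < 0 || period_s > INT32_MAX / hz)
        return -EINVAL;
    *out = period_s * hz; /* cannot overflow after the check */
    return 0;
}

int main(void)
{
    /* The three perturb values used in the tc commands on this page. */
    static const int32_t samples[] = { -10, 1000000000, 2000000 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int32_t j = 0;
        int rc = checked_jiffies(samples[i], MODEL_HZ, &j);

        printf("perturb %11d  unchecked=%11d  ", (int)samples[i],
               (int)unchecked_jiffies(samples[i], MODEL_HZ));
        if (rc)
            printf("checked: rejected (%d)\n", rc);
        else
            printf("checked: accepted, jiffies=%d\n", (int)j);
    }
    return 0;
}
```

The unchecked column shows 1000000000 wrapping to a negative jiffies count, which is the kind of input the range check refuses.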
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves ensuring that the Linux kernel is updated to a version where this vulnerability is fixed. The fix involves adding range checks on the perturb_period parameter in the SFQ scheduler to reject invalid values that could trigger a race condition. Until the update is applied, avoid manually setting perturb_period values that are negative or excessively large. Monitoring and validating SFQ configurations using the 'tc' commands can help prevent exploitation.