CVE-2025-38553
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-19

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lockup and OOM loop in netem_dequeue, as seen in [1]. Ensure that a duplicating netem cannot exist in a tree with other netems. Previous approaches suggested in discussions in chronological order: 1) Track duplication status or ttl in the sk_buff struct. Considered too specific a use case to extend such a struct, though this would be a resilient fix and address other previous and potential future DOS bugs like the one described in loopy fun [2]. 2) Restrict netem_enqueue recursion depth like in act_mirred with a per cpu variable. However, netem_dequeue can call enqueue on its child, and the depth restriction could be bypassed if the child is a netem. 3) Use the same approach as in 2, but add metadata in netem_skb_cb to handle the netem_dequeue case and track a packet's involvement in duplication. This is an overly complex approach, and Jamal notes that the skb cb can be overwritten to circumvent this safeguard. 4) Prevent the addition of a netem to a qdisc tree if its ancestral path contains a netem. However, filters and actions can cause a packet to change paths when re-enqueued to the root from netem duplication, leading us to the current solution: prevent a duplicating netem from inhabiting the same tree as other netems. [1] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/ [2] https://lwn.net/Articles/719297/
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-19
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-08-19
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38553
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel 6.1.153
linux kernel 5.10.244
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's network scheduler (net/sched) where the duplication prevention logic in netem_enqueue breaks when a netem (network emulator) exists in a queuing discipline (qdisc) tree with other netems. This can cause a soft lockup and an out-of-memory (OOM) loop in netem_dequeue. The root cause is that duplicating netems should not coexist in the same qdisc tree, and the fix ensures that a duplicating netem cannot be added to a tree that already contains other netems.


How can this vulnerability impact me? :

If exploited, this vulnerability can cause the system to experience a soft lockup and enter an out-of-memory loop, potentially leading to degraded system performance or denial of service due to resource exhaustion in the network stack.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that a duplicating netem cannot exist in a qdisc tree with other netems. This involves restricting the conditions for adding duplicating netems to the qdisc tree to prevent soft lockups and OOM loops. Applying the updated Linux kernel patch that enforces this restriction is recommended.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart