CVE-2025-39766
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153-1 |
| linux | linux_kernel | 5.10.244-1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves the network scheduler component where the cake_enqueue function incorrectly returns NET_XMIT_SUCCESS even when packets are dropped due to a low buffer limit. This causes the htb_enqueue function to call htb_activate with an empty child queue, potentially triggering a warning. The issue arises because cake_enqueue should return NET_XMIT_CN to signal congestion when packets are dropped from the same tin and flow, but it does not.
How can this vulnerability impact me? :
The vulnerability can cause incorrect signaling of packet transmission success when packets are actually dropped due to buffer limits. This may lead to warnings in the network scheduler and potentially impact network traffic handling, causing performance issues or unexpected behavior in traffic control mechanisms.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by reproducing the conditions that trigger the issue, specifically by using traffic control (tc) commands to configure the network queue disciplines and then sending ping packets to observe warnings or unexpected behavior. The following commands illustrate this detection method: 1. Delete existing qdisc on loopback interface: tc qdisc del dev lo root 2. Add htb qdisc with default class: tc qdisc add dev lo root handle 1: htb default 1 3. Add htb class with a rate: tc class add dev lo parent 1: classid 1:1 htb rate 64bit 4. Add cake qdisc with very low memlimit: tc qdisc add dev lo parent 1:1 handle f: cake memlimit 1b 5. Send a flood ping to localhost: ping -I lo -f -c1 -s64 -W0.001 127.0.0.1 This setup triggers the vulnerability by causing packet drops due to low buffer limits and may produce warnings related to htb_activate. Monitoring system logs for such warnings can help detect the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves updating the Linux kernel to a version where this vulnerability is resolved, as the issue is fixed by making cake_enqueue return NET_XMIT_CN when past buffer_limit to properly signal congestion and avoid warnings in htb_activate. Until an update is applied, avoid configuring cake qdisc with extremely low memlimit values that can trigger the issue. Monitoring and adjusting traffic control settings to prevent buffer_limit exhaustion can also help mitigate the problem.