CVE-2025-38193
Severity CVSS v4.0:
Pending analysis
Type:
CWE-190
Integer Overflow or Wraparound
Publication date:
04/07/2025
Last modified:
18/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net_sched: sch_sfq: reject invalid perturb period<br />
<br />
Gerrard Tai reported that SFQ perturb_period has no range check yet,<br />
and this can be used to trigger a race condition fixed in a separate patch.<br />
<br />
We want to make sure ctl->perturb_period * HZ will not overflow<br />
and is positive.<br />
<br />
<br />
tc qd add dev lo root sfq perturb -10 # negative value : error<br />
Error: sch_sfq: invalid perturb period.<br />
<br />
tc qd add dev lo root sfq perturb 1000000000 # too big : error<br />
Error: sch_sfq: invalid perturb period.<br />
<br />
tc qd add dev lo root sfq perturb 2000000 # acceptable value<br />
tc -s -d qd sh dev lo<br />
qdisc sfq 8005: root refcnt 2 limit 127p quantum 64Kb depth 127 flows 128 divisor 1024 perturb 2000000sec<br />
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)<br />
backlog 0b 0p requeues 0
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.13 (including) | 5.4.297 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.240 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.186 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.142 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.95 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.35 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0357da9149eac621f39e235a135ebf155f01f7c3
- https://git.kernel.org/stable/c/2254d038dab9c194fe6a4b1ce31034f42e91a6e5
- https://git.kernel.org/stable/c/590b2d7d0beadba2aa576708a05a05f0aae39295
- https://git.kernel.org/stable/c/7ca52541c05c832d32b112274f81a985101f9ba8
- https://git.kernel.org/stable/c/956b5aebb349449b38d920d444ca1392d43719d1
- https://git.kernel.org/stable/c/b11a50544af691b787384089b68f740ae20a441b
- https://git.kernel.org/stable/c/e0936ff56be4e08ad5b60ec26971eae0c40af305
- https://git.kernel.org/stable/c/f9b97d466e6026ccbdda30bb5b71965b67ccbc82
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html