CVE-2025-37992

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net_sched: Flush gso_skb list too during -&gt;change()<br /> <br /> Previously, when reducing a qdisc&amp;#39;s limit via the -&gt;change() operation, only<br /> the main skb queue was trimmed, potentially leaving packets in the gso_skb<br /> list. This could result in NULL pointer dereference when we only check<br /> sch-&gt;limit against sch-&gt;q.qlen.<br /> <br /> This patch introduces a new helper, qdisc_dequeue_internal(), which ensures<br /> both the gso_skb list and the main queue are properly flushed when trimming<br /> excess packets. All relevant qdiscs (codel, fq, fq_codel, fq_pie, hhf, pie)<br /> are updated to use this helper in their -&gt;change() routines.