CVE-2025-39766

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit<br /> <br /> The following setup can trigger a WARNING in htb_activate due to<br /> the condition: !cl-&gt;leaf.q-&gt;q.qlen<br /> <br /> tc qdisc del dev lo root<br /> tc qdisc add dev lo root handle 1: htb default 1<br /> tc class add dev lo parent 1: classid 1:1 \<br /> htb rate 64bit<br /> tc qdisc add dev lo parent 1:1 handle f: \<br /> cake memlimit 1b<br /> ping -I lo -f -c1 -s64 -W0.001 127.0.0.1<br /> <br /> This is because the low memlimit leads to a low buffer_limit, which<br /> causes packet dropping. However, cake_enqueue still returns<br /> NET_XMIT_SUCCESS, causing htb_enqueue to call htb_activate with an<br /> empty child qdisc. We should return NET_XMIT_CN when packets are<br /> dropped from the same tin and flow.<br /> <br /> I do not believe return value of NET_XMIT_CN is necessary for packet<br /> drops in the case of ack filtering, as that is meant to optimize<br /> performance, not to signal congestion.