CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent

Published Jul 4, 2025

In the Linux kernel, the following vulnerability has been resolved:

sch_hfsc: make hfsc_qlen_notify() idempotent

hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life:

1. update_vf() decreases cl->cl_nactive, so we can check whether it is non-zero before calling it.

2. eltree_remove() always removes RB node cl->el_node, but we can use RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.
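The two guards described above, shown in a small userspace model. This is an added example, not the kernel patch or any kernel code: the struct and function names are hypothetical, and a doubly linked list with a self-pointing "empty" marker stands in for the RB tree and for RB_EMPTY_NODE() / RB_CLEAR_NODE().

```c
#include <stdbool.h>

/* Userspace model with hypothetical names; not kernel code. */
struct node { struct node *prev, *next; };
struct tree { struct node head; int count; };      /* stands in for the eligible tree */
struct cls  { struct node el_node; int nactive; }; /* ~ cl->el_node, cl->cl_nactive */

static void node_clear(struct node *n) { n->prev = n->next = n; }     /* role of RB_CLEAR_NODE() */
static bool node_empty(const struct node *n) { return n->next == n; } /* role of RB_EMPTY_NODE() */

static void unlink_node(struct tree *t, struct node *n)
{
    n->prev->next = n->next;   /* n keeps its stale pointers afterwards */
    n->next->prev = n->prev;
    t->count--;
}

/* Before: both steps run on every call, so a repeated call corrupts the counters. */
static void notify_unguarded(struct tree *t, struct cls *c)
{
    c->nactive--;                    /* update_vf() step, reduced to its counter effect */
    unlink_node(t, &c->el_node);     /* eltree_remove() step */
}

/* After: each step is guarded, so a repeated call is a no-op. */
static void notify_idempotent(struct tree *t, struct cls *c)
{
    if (c->nactive)                  /* guard 1: class still active */
        c->nactive--;
    if (!node_empty(&c->el_node)) {  /* guard 2: node still linked */
        unlink_node(t, &c->el_node);
        node_clear(&c->el_node);
    }
}

/* Activate one class, notify it `calls` times, return nactive + tree count (0 = consistent). */
int run_model(bool guarded, int calls)
{
    struct tree t = { .count = 1 };
    struct cls c = { .nactive = 1 };
    t.head.prev = t.head.next = &c.el_node;      /* tree holds exactly this class */
    c.el_node.prev = c.el_node.next = &t.head;
    for (int i = 0; i < calls; i++) {
        if (guarded) notify_idempotent(&t, &c);
        else notify_unguarded(&t, &c);
    }
    return c.nactive + t.count;
}
```

A second call to the unguarded version drives both counters negative in this model, while the guarded version leaves the state unchanged however many times a caller notifies.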

Affected Software

12 affected components
Fixes available

Linux Foundation Linux Kernel
Linux Linux kernel < 5.4.297
Linux Linux kernel >= 5.5, < 5.10.241
Linux Linux kernel >= 5.11, < 5.15.190
Linux Linux kernel >= 5.16, < 6.1.138
Linux Linux kernel >= 6.2, < 6.6.90
Linux Linux kernel >= 6.7, < 6.12.28
Linux Linux kernel >= 6.13, < 6.14.6
Linux Linux kernel = 6.15-rc1
Debian Debian Linux = 11.0
Microsoft cbl2 kernel 5.15.186.1-1
Microsoft cbl2 kernel 5.15.186.1-1

Event History

Jul 4, 2025
CVE Published via MITRE, 12:47 PM
Data Sourced via MITRE, 12:47 PM: Description
Data Sourced via Red Hat, 01:01 PM: Description, Severity, Affected Software
Data Sourced via NVD, 01:15 PM: Remedy, Description, Severity, Weakness, Affected Software

Dec 20, 2025
Data Sourced via Microsoft, 01:01 AM: Description, Severity, Weakness, Affected Software
Updated via Microsoft, 09:01 AM: Description, Severity

Frequently Asked Questions

1. What is the severity of CVE-2025-38177?

CVE-2025-38177 has a moderate severity rating due to its impact on the Linux kernel's queuing discipline.

2. What does CVE-2025-38177 affect?

CVE-2025-38177 affects the Linux kernel's hfsc_qlen_notify() function and its interaction with other queuing mechanisms.

3. How do I fix CVE-2025-38177?

To fix CVE-2025-38177, update your Linux kernel to the latest version where the vulnerability has been resolved.

4. What is hfsc_qlen_notify() in relation to CVE-2025-38177?

hfsc_qlen_notify() is a function in the Linux kernel that needed to be made idempotent to improve its compatibility with other queue management functions.

5. Why is CVE-2025-38177 a concern for Linux users?

CVE-2025-38177 is a concern for Linux users as it can potentially lead to inefficiencies in packet queuing and network performance.
