CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_qfq: Fix race condition on qfq_aggregate
A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a NULL dereference, and qfq_delete_class may cause a use-after-free.
This patch addresses the issue by:
1. Moved qfq_destroy_class into the critical section.
2. Added sch_tree_lock protection to qfq_dump_class and qfq_dump_class_stats.
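The locking discipline described in the fix, as an added userspace model (not the kernel patch and not code from this page). A pthread mutex stands in for sch_tree_lock, and the struct and function names are hypothetical simplifications of the qfq code paths.

```c
/* Userspace model only; every name here is hypothetical, not kernel code. */
#include <pthread.h>
#include <stdlib.h>
struct agg { unsigned weight, lmax; };  /* stands in for qfq_aggregate */
struct cls { struct agg *agg; };        /* stands in for a QFQ class */
static pthread_mutex_t tree_lock = PTHREAD_MUTEX_INITIALIZER; /* models sch_tree_lock */

/* Writer (models the enqueue-path change): swap and free under the lock. */
static void change_agg(struct cls *cl, unsigned w) {
    struct agg *old, *n = malloc(sizeof(*n));
    if (!n) return;
    n->weight = w; n->lmax = 2 * w;     /* invariant the reader checks */
    pthread_mutex_lock(&tree_lock);
    old = cl->agg; cl->agg = n;
    free(old);
    pthread_mutex_unlock(&tree_lock);
}
/* Reader (models the fixed dump path): dereference cl->agg only under the lock.
 * Returns 1 for a consistent snapshot, 0 for a torn one, -1 if no aggregate. */
static int dump_class(struct cls *cl) {
    int ret = -1;
    pthread_mutex_lock(&tree_lock);
    if (cl->agg) ret = (cl->agg->lmax == 2 * cl->agg->weight);
    pthread_mutex_unlock(&tree_lock);
    return ret;
}
/* Teardown (models the fixed delete path): free inside the critical section. */
static void delete_class(struct cls *cl) {
    pthread_mutex_lock(&tree_lock);
    free(cl->agg); cl->agg = NULL;
    pthread_mutex_unlock(&tree_lock);
}
static void *writer(void *p) {
    for (unsigned i = 1; i <= 100000; i++) change_agg(p, i);
    return NULL;
}

/* Races writer against reader; returns the number of bad observations. */
int run_model(void) {
    struct cls cl = { 0 };
    pthread_t t;
    int bad = 0;
    change_agg(&cl, 1);
    if (pthread_create(&t, NULL, writer, &cl)) return -1;
    for (int i = 0; i < 100000; i++) bad += (dump_class(&cl) != 1);
    pthread_join(t, NULL);
    delete_class(&cl);
    return bad + (dump_class(&cl) != -1);  /* dump after delete must see none */
}
```

Removing the lock calls from `dump_class` reproduces the class of bug in the model: the reader can then dereference an aggregate the writer has already freed, which a tool such as ThreadSanitizer or AddressSanitizer will report.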
Frequently Asked Questions
What is the severity of CVE-2025-38477?
CVE-2025-38477 has a medium severity rating due to the potential for a race condition that can affect system stability.
How do I fix CVE-2025-38477?
To mitigate CVE-2025-38477, update to the latest version of the Linux kernel where this race condition has been resolved.
What are the potential impacts of CVE-2025-38477?
CVE-2025-38477 can lead to unexpected behavior or crashes in systems utilizing the affected Linux kernel functionality.
Which versions of the Linux kernel are affected by CVE-2025-38477?
CVE-2025-38477 affects certain versions of the Linux kernel prior to the fix being implemented.
Is CVE-2025-38477 exploitable remotely?
CVE-2025-38477 primarily involves a race condition that could be exploited locally, so it may not pose a direct remote attack vector.