CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions
First published: Fri Apr 18 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specific parameters. The failure occurs because TBF sometimes peeks at packets in the child qdisc without actually dequeuing them when tokens are unavailable. This peek operation creates a discrepancy between the parent and child qdisc queue length counters. When TBF later receives a high-priority packet, SKBPRIO's queue length may show a different value than what's reflected in its internal priority queue tracking, triggering the assertion. The fix removes this overly strict assertions in SKBPRIO, they are not necessary at all.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/7abc8318ce0712182bf0783dcfdd9a6a8331160e
- https://git.kernel.org/stable/c/1284733bab736e598341f1d3f3b94e2a322864a8
- https://git.kernel.org/stable/c/32ee79682315e6d3c99947b3f38b078a09a66919
- https://git.kernel.org/stable/c/1dcc144c322a8d526b791135604c0663f1af9d85
- https://git.kernel.org/stable/c/864ca690ff135078d374bd565b9872f161c614bc
- https://git.kernel.org/stable/c/2f35b7673a3aa3d09b3eb05811669622ebaa98ca
- https://git.kernel.org/stable/c/2286770b07cb5268c03d11274b8efd43dff0d380
- https://git.kernel.org/stable/c/034b293bf17c124fec0f0e663f81203b00aa7a50
- https://git.kernel.org/stable/c/ce8fe975fd99b49c29c42e50f2441ba53112b2e8
Frequently Asked Questions
What is the severity of CVE-2025-38637?
CVE-2025-38637 has been assigned a severity rating of medium due to its impact on queue management in the Linux kernel.
How do I fix CVE-2025-38637?
To resolve CVE-2025-38637, upgrade to the patched version of the Linux kernel where the issue has been addressed.
What software is affected by CVE-2025-38637?
CVE-2025-38637 affects the Linux kernel, specifically the network scheduling component dealing with skbprio.
Is CVE-2025-38637 exploitable remotely?
CVE-2025-38637 does not appear to be directly exploitable remotely as it involves local processes interacting with the kernel.
What are the implications of not addressing CVE-2025-38637?
Failure to address CVE-2025-38637 could lead to instability in network queue management, potentially affecting system performance.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/linux
- canonical/linux kernel