Queue Accounting Issue in Linux Kernel Impacting HFSC Functionality
CVE-2025-38000

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 6 June 2025

What is CVE-2025-38000?

A vulnerability in the Linux kernel exposes a queue accounting issue when packets are enqueued to a Hierarchical Fair Service Curve (HFSC) class. The flaw arises during the enqueue operation, specifically in the hfsc_enqueue() function, where the queue length and backlog are not updated before a child queue's peek operation is triggered. As a result, the queue accounting can become inconsistent, potentially leading to unexpected behavior such as packet drops and use-after-free vulnerabilities. The fix changes the order of operations so that the queue metrics are accurate before the peek, which prevents the risks associated with an improper accounting state.
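The ordering problem described above, as a simplified user-space C model (an added example, not kernel code and not taken from the fix). All struct and function names are hypothetical, and the model assumes that the child's peek drops its head packet and reports the drop to the parent.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; every name here is hypothetical, not kernel code. */
struct counters { unsigned int qlen, backlog; };

struct model {
    struct counters parent;   /* stands in for the HFSC qdisc */
    struct counters child;    /* stands in for the class's child queue */
    bool underflow;           /* set if a reduction exceeds what the parent recorded */
};

/* Child reports a drop upward: the parent subtracts what the child lost. */
static void reduce_parent(struct model *m, unsigned int n, unsigned int len)
{
    if (m->parent.qlen < n || m->parent.backlog < len)
        m->underflow = true;           /* parent never counted this packet */
    m->parent.qlen -= n;               /* unsigned: wraps when underflowing */
    m->parent.backlog -= len;
}

/* Assumption: peeking makes the child drop its head packet and report it. */
static void child_peek_drops(struct model *m, unsigned int len)
{
    m->child.qlen--;
    m->child.backlog -= len;
    reduce_parent(m, 1, len);
}

/* Enqueue one packet into an empty class; fixed_order selects the ordering. */
struct model enqueue_first_packet(unsigned int len, bool fixed_order)
{
    struct model m = {0};
    m.child.qlen++;  m.child.backlog += len;        /* child accepts the packet */
    if (fixed_order) { m.parent.qlen++; m.parent.backlog += len; }
    child_peek_drops(&m, len);                      /* peek during enqueue */
    if (!fixed_order) { m.parent.qlen++; m.parent.backlog += len; }
    return m;
}

int main(void)
{
    struct model before = enqueue_first_packet(1500, false);
    struct model after  = enqueue_first_packet(1500, true);
    printf("peek before accounting: underflow=%d\n", before.underflow);
    printf("accounting before peek: underflow=%d\n", after.underflow);
    return 0;
}
```

In the model the final counters match in both orderings; the difference is the transient state during the peek, where the parent is asked to subtract a packet it has not yet counted.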

Affected Version(s)

Linux 12d0ad3be9c3854e52ec74bb83bb6f43612827c7 < 1034e3310752e8675e313f7271b348914008719a

Linux 12d0ad3be9c3854e52ec74bb83bb6f43612827c7

Linux 12d0ad3be9c3854e52ec74bb83bb6f43612827c7 < 89c301e929a0db14ebd94b4d97764ce1d6981653
