Memory Management Flaw in Linux Kernel Affects HFSC Scheduling
CVE-2025-38001
What is CVE-2025-38001?
A vulnerability in the Linux kernel's HFSC (Hierarchical Fair Service Curve) scheduling can lead to a use-after-free (UAF) when NETEM (Network Emulator) is in use. The vulnerability arises from a flaw in how the code checks whether a class is already in the eltree during enqueue operations. This flaw allows attackers to bypass certain checks by using the HFSC_RSC flag, potentially triggering an infinite loop and stalling network packet processing. To mitigate this issue, explicit checks for classes already in the eltree must be implemented when the HFSC_RSC flag is in use.
Affected Version(s)
Linux 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea
Linux 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea < 6672e6c00810056acaac019fe26cdc26fee8a66c
Linux 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea < 2c928b3a0b04a431ffcd6c8b7d88a267124a3a28
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.