Memory Management Flaw in Linux Kernel Affects HFSC Scheduling
CVE-2025-38001

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-38001?

A vulnerability in the Linux kernel's HFSC (Hierarchical Fair Service Curve) scheduling can lead to a use-after-free (UAF) scenario when utilizing NETEM (Network Emulator). The vulnerability arises from a flaw in how the system checks for classes already in the eltree during enqueue operations. This specific flaw allows attackers to bypass certain checks by using the HFSC_RSC flag, potentially executing an infinite loop and stalling network packet processing. To mitigate this issue, explicit checks for existing classes in the eltree must be implemented when the HFSC_RSC flag is in use.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6672e6c00810056acaac019fe26cdc26fee8a66c

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2c928b3a0b04a431ffcd6c8b7d88a267124a3a28

References

https://git.kernel.org/stable/c/e5bee633cc276410337d54b99...

https://git.kernel.org/stable/c/6672e6c00810056acaac019fe...

https://git.kernel.org/stable/c/2c928b3a0b04a431ffcd6c8b7...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Apr 16, 2025