Race Condition in Linux Kernel's Scheduling Subsystem
CVE-2025-38083
What is CVE-2025-38083?
A race condition exists within the Linux kernel's scheduling subsystem, specifically involving the priority scheduling (prio) mechanism. This issue arises when the Stochastic Fair Queuing (SFQ) perturb timer triggers in an inappropriate sequence, allowing for potential abuse that leads to underflow in the parent's queue length (qlen). The flaw occurs during the process of flushing the backlog of queued packets, which may be exploited to disrupt normal network operations. To mitigate this, invoking qdisc_purge_queue() instead of qdisc_tree_flush_backlog() is recommended to ensure all packets are cleared before releasing the lock, thus safeguarding against this timing issue.
Affected Version(s)
Linux 7b8e0b6e659983154c8d7e756cdb833d89a3d4d7 < 46c15c9d0f65c9ba857d63f53264f4b17e8a715f
Linux 7b8e0b6e659983154c8d7e756cdb833d89a3d4d7
Linux 7b8e0b6e659983154c8d7e756cdb833d89a3d4d7 < 93f9eeb678d4c9c1abf720b3615fa8299a490845