Race Condition Vulnerability in Linux Kernel's SFQ Perturb Period Handling
CVE-2025-38193
What is CVE-2025-38193?
A vulnerability has been identified in the Linux kernel's handling of the SFQ (Stochastic Fair Queueing) perturb period. The perturb_period value is inadequately validated, which makes it possible to trigger a race condition. Specifically, negative integers or excessively large numbers can result in errors that indicate the lack of input validation. The vulnerability underscores the importance of constraining perturb_period values to an acceptable range to prevent overflow and maintain network scheduling integrity.
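The range check the description calls for, shown as an added example (not the kernel's code and not part of the original advisory). It assumes the period is supplied in seconds and scaled by the tick rate into a signed int, which is where an oversized value overflows; the function names, the HZ value and the sample inputs are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

#define HZ 1000 /* assumed tick rate for this example */

/* Unchecked conversion: seconds -> ticks stored in a signed int.
 * The product is formed in 64 bits and then truncated, so the demo shows
 * the wrapped result without relying on signed-overflow behaviour. */
static int perturb_ticks_unchecked(int seconds)
{
    return (int)(unsigned int)((long long)seconds * HZ);
}

/* Hardened conversion: reject a period that is negative or that would no
 * longer fit in an int once scaled, before any state is updated. */
static int perturb_ticks_checked(int seconds, int *ticks_out)
{
    if (seconds < 0 || seconds > INT_MAX / HZ)
        return -EINVAL;
    *ticks_out = seconds * HZ;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs covering the valid range and both bad cases. */
    const int samples[] = { 0, 10, -1, INT_MAX / HZ, INT_MAX / HZ + 1, INT_MAX };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int ticks = 0;
        int rc = perturb_ticks_checked(samples[i], &ticks);

        printf("period=%d unchecked=%d checked=%s",
               samples[i], perturb_ticks_unchecked(samples[i]),
               rc == 0 ? "accepted" : "rejected (-EINVAL)");
        if (rc == 0)
            printf(" ticks=%d", ticks);
        printf("\n");
    }
    return 0;
}
```

The first value past INT_MAX / HZ wraps to a negative tick count in the unchecked path, while the checked path refuses it.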
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 956b5aebb349449b38d920d444ca1392d43719d1
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0357da9149eac621f39e235a135ebf155f01f7c3