Use-After-Free Vulnerability in Linux Kernel Affecting Classful Qdiscs
CVE-2025-38350
What is CVE-2025-38350?
A vulnerability in the Linux kernel allows certain classful queuing disciplines (qdiscs) to trigger use-after-free conditions. Specifically, during an enqueue operation, a child qdisc may be unexpectedly emptied, which can put classes into a passive state via qlen_notify(). Many qdiscs do not anticipate this behavior, resulting in potential instability. The issue can be exacerbated when similar behavior occurs in the parent qdisc, heightening the risk of use-after-free scenarios. The patch addresses this by ensuring that qdisc_tree_reduce_backlog() always triggers qlen_notify() when child qdiscs become empty, which safeguards against stale class pointers.
Affected Version(s)
Linux 1034e3310752e8675e313f7271b348914008719a < 3b290923ad2b23596208c1e29520badef4356a43
Linux f9f593e34d2fb67644372c8f7b033bdc622ad228
Linux 89c301e929a0db14ebd94b4d97764ce1d6981653
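One way to check a local kernel git checkout against the first range listed above (the line with both a start and an end commit), as an added example that is not part of the advisory or of the kernel project's tooling. The function name range_status and its output labels are assumptions made for this example; it needs git and a clone that contains the listed commits.

```shell
#!/bin/sh
# Added example: classify a revision against the commit range from the
# first "Affected Version(s)" line. Hashes are copied from this page.
INTRODUCED=1034e3310752e8675e313f7271b348914008719a
FIXED=3b290923ad2b23596208c1e29520badef4356a43

# range_status REPO REV [INTRODUCED] [FIXED]
# Prints: fixed | affected | not-in-range | unknown
#   fixed        - FIXED is an ancestor of (or equal to) REV
#   affected     - INTRODUCED is in REV's history, FIXED is not
#   not-in-range - neither commit is in REV's history; this says nothing
#                  about equivalent changes applied under other hashes
#   unknown      - a commit is missing from the clone, so ancestry
#                  cannot be decided
range_status() {
    _repo=$1 _rev=$2 _intro=${3:-$INTRODUCED} _fix=${4:-$FIXED}
    for _c in "$_rev" "$_intro" "$_fix"; do
        git -C "$_repo" cat-file -e "${_c}^{commit}" 2>/dev/null || {
            echo unknown
            return 0
        }
    done
    if git -C "$_repo" merge-base --is-ancestor "$_fix" "$_rev"; then
        echo fixed
    elif git -C "$_repo" merge-base --is-ancestor "$_intro" "$_rev"; then
        echo affected
    else
        echo not-in-range
    fi
}

# Stand-alone use: sh check.sh /path/to/linux HEAD
if [ "$#" -ge 2 ]; then
    range_status "$@"
fi
```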