Linux Kernel Vulnerability in Qdisc API Affects Networking Functionality
CVE-2025-38457
What is CVE-2025-38457?
A vulnerability exists in the Linux kernel's Qdisc API: improper handling of class relationships during qdisc creation can allow certain Qdiscs to invoke qdisc_tree_reduce_backlog with a NULL class reference. The bug arises because the qdisc API does not validate that the parent class exists before executing the init callback. The fix changes qdisc_leaf so that it returns failure when the parent class is not found, preventing potential misconfigurations and operational disruptions in networking scenarios.
Affected Version(s)
Linux 5e50da01d0ce7ef0ba3ed6cfabd62f327da0aca6 < 923a276c74e25073ae391e930792ac86a9f77f1e
Linux 5e50da01d0ce7ef0ba3ed6cfabd62f327da0aca6 < 90436e72c9622c2f70389070088325a3232d339f
Linux 5e50da01d0ce7ef0ba3ed6cfabd62f327da0aca6 < 25452638f133ac19d75af3f928327d8016952c8e