Network Scheduling Vulnerability in Linux Kernel
CVE-2025-38468
What is CVE-2025-38468?
A vulnerability in the Linux kernel's network scheduling component can lead to erroneous behavior during packet handling. Specifically, when the htb_lookup_leaf function encounters an empty red-black tree, it triggers a BUG_ON condition. This can occur under particular network configurations that involve multiple queuing disciplines, and can result in null pointer dereferences that disrupt network operations. Returning NULL instead of triggering the BUG_ON resolves the issue and prevents cascading failures in packet processing, improving overall system stability.
Affected Version(s)
Linux 512bb43eb5422ee69a1be05ea0d89dc074fac9a2 < 890a5d423ef0a7bd13447ceaffad21189f557301
Linux 512bb43eb5422ee69a1be05ea0d89dc074fac9a2 < 7ff2d83ecf2619060f30ecf9fad4f2a700fca344
Linux 512bb43eb5422ee69a1be05ea0d89dc074fac9a2
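
One way to check a kernel git checkout against the commit ranges listed above, as an added example that is not part of the original advisory. It assumes a clone with full history; KERNEL_TREE and the status strings are hypothetical names. Only the fix commits listed on this page are checked, so a tree fixed by a backport with a different hash reports as affected-per-listed-fixes.

```shell
#!/bin/sh
# Added example: classify a kernel git revision against the commits
# copied from the "Affected Version(s)" list on this page.
INTRODUCED=512bb43eb5422ee69a1be05ea0d89dc074fac9a2
FIXES="890a5d423ef0a7bd13447ceaffad21189f557301 7ff2d83ecf2619060f30ecf9fad4f2a700fca344"

# has_commit REPO COMMIT REV
# True when COMMIT is REV itself or one of its ancestors.
has_commit() {
    git -C "$1" merge-base --is-ancestor "$2" "$3" 2>/dev/null
}

# htb_status REPO REV INTRODUCED FIX...
# Prints one of: unknown, not-affected, fixed, affected-per-listed-fixes
htb_status() {
    repo=$1 rev=$2 intro=$3
    shift 3
    # A shallow or partial clone may not contain the introducing commit
    # at all; an ancestry test would then fail for the wrong reason.
    if ! git -C "$repo" cat-file -e "${intro}^{commit}" 2>/dev/null; then
        echo unknown
        return 0
    fi
    # Revisions that predate the introducing commit are outside the range.
    if ! has_commit "$repo" "$intro" "$rev"; then
        echo not-affected
        return 0
    fi
    # Any listed fix commit in the history closes the range.
    for fix in "$@"; do
        if has_commit "$repo" "$fix" "$rev"; then
            echo fixed
            return 0
        fi
    done
    echo affected-per-listed-fixes
}

# Usage (KERNEL_TREE is a hypothetical path to the checkout):
#   htb_status "$KERNEL_TREE" HEAD "$INTRODUCED" $FIXES
```

A result of unknown means the clone lacks the history needed to decide; fetch full history and run the check again.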