Linux Kernel Vulnerability in skbprio Queue Management
CVE-2025-38637

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 18 April 2025

Summary

A vulnerability in the Linux kernel's skbprio queue discipline (qdisc) affects enqueue and dequeue processing under specific conditions. When skbprio is used as a child qdisc under a Token Bucket Filter (TBF) configuration, an assertion in skbprio can fail, because TBF peeks at packets without dequeuing them when tokens are unavailable. This peek creates a mismatch between the queue lengths of the parent and child qdiscs. Consequently, when a high-priority packet is processed, skbprio may present an incorrect queue length, resulting in assertion failures. The patch for this issue removes the unnecessarily strict assertions from skbprio, ensuring reliable queue management.
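To check whether a host actually runs the configuration described above (skbprio attached directly under TBF), the following added example, which is not part of the original advisory or of the kernel project, parses `tc qdisc show` output and reports every skbprio qdisc whose parent is a tbf qdisc on the same device. The sample output is constructed, and the function name `find_skbprio_under_tbf` is hypothetical.

```python
import re

# Constructed sample of `tc qdisc show` output (not taken from a real host).
SAMPLE_TC_OUTPUT = """\
qdisc noqueue 0: dev lo root refcnt 2
qdisc tbf 1: dev eth0 root refcnt 2 rate 1Mbit burst 1600b lat 50.0ms
qdisc skbprio 10: dev eth0 parent 1:1 limit 64
qdisc htb 1: dev eth1 root refcnt 2 r2q 10 default 0x10 direct_qlen 1000
qdisc skbprio 20: dev eth1 parent 1:10 limit 64
qdisc tbf 8001: dev eth2 root refcnt 2 rate 10Mbit burst 5Kb lat 70.0ms
qdisc fq_codel 30: dev eth2 parent 8001: limit 10240p flows 1024
"""

# "qdisc <kind> <handle>: dev <dev> [root | parent <major>:<minor>] ..."
QDISC_RE = re.compile(
    r"^qdisc\s+(?P<kind>\S+)\s+(?P<handle>[0-9a-fA-F]*):\s+dev\s+(?P<dev>\S+)"
    r"(?:\s+(?:root|parent\s+(?P<parent>[0-9a-fA-F]*):[0-9a-fA-F]*))?"
)

def find_skbprio_under_tbf(tc_output):
    """Return (dev, tbf_handle, skbprio_handle) for each skbprio child of a tbf qdisc."""
    kinds = {}     # (dev, handle major) -> qdisc kind
    children = []  # (dev, parent major, kind, handle major)
    for line in tc_output.splitlines():
        m = QDISC_RE.match(line.strip())
        if not m:
            continue
        dev, handle = m["dev"], m["handle"].lower()
        kinds[(dev, handle)] = m["kind"]
        if m["parent"] is not None:
            children.append((dev, m["parent"].lower(), m["kind"], handle))
    # Resolve parents only after the full listing is read, so line order does not matter.
    return [
        (dev, parent + ":", handle + ":")
        for dev, parent, kind, handle in children
        if kind == "skbprio" and kinds.get((dev, parent)) == "tbf"
    ]

if __name__ == "__main__":
    for dev, tbf, child in find_skbprio_under_tbf(SAMPLE_TC_OUTPUT):
        print(f"{dev}: skbprio {child} is a child of tbf {tbf}")
```

A match means the qdisc layout from the summary is present; whether the running kernel still contains the assertions depends on the fixed commits listed under Affected Version(s).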

Affected Version(s)

Linux aea5f654e6b78a0c976f7a25950155932c77a53f < 7abc8318ce0712182bf0783dcfdd9a6a8331160e

Linux aea5f654e6b78a0c976f7a25950155932c77a53f < 1284733bab736e598341f1d3f3b94e2a322864a8

Linux aea5f654e6b78a0c976f7a25950155932c77a53f < 32ee79682315e6d3c99947b3f38b078a09a66919

Timeline

  • Vulnerability published

  • Vulnerability Reserved
