Linux Kernel Vulnerability Affecting Qdisc Hierarchy in Networking
CVE-2025-68325
What is CVE-2025-68325?
A vulnerability in the Linux kernel's networking subsystem affects accounting across the queuing discipline (qdisc) hierarchy, specifically in the cake scheduler. During packet enqueueing, drops performed in cake_drop() can leave queue length (qlen) and backlog accounting inconsistent, because the code makes an incorrect assumption about how the current packet will be processed. When cake_enqueue() returns NET_XMIT_CN, the parent qdisc may stop enqueuing the current packet, and the resulting mismatch can lead to a NULL dereference. A patch makes the queue accounting more robust by accurately computing the qlen/backlog delta, so it stays correct even with ACK thinning enabled.
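A simplified user-space model of the accounting mismatch described above, added here as an illustration; it is not kernel code and not the upstream patch. It assumes one parent and one child, a single flow (so every overflow drop reports NET_XMIT_CN), and tracks qlen only; `tree_reduce`, `accounting_drift` and the `fixed` flag are hypothetical names, and the `fixed` branch is one way to model delta-based accounting.

```c
#include <stdio.h>
/* Toy model only: user-space counters, not kernel structures. */
enum { NET_XMIT_SUCCESS = 0x00, NET_XMIT_CN = 0x02 };
struct qdisc { int qlen; struct qdisc *parent; };

/* Hypothetical stand-in: propagate a qlen reduction to every ancestor. */
static void tree_reduce(struct qdisc *q, int n) {
    for (q = q->parent; q; q = q->parent)
        q->qlen -= n;
}

/* Child with a hard limit; single flow, so any drop reports NET_XMIT_CN. */
static int child_enqueue(struct qdisc *c, int limit, int fixed) {
    int dropped = 0;
    c->qlen++;                        /* take the new packet */
    while (c->qlen > limit) {         /* shed until back under the limit */
        c->qlen--;
        dropped++;
        if (!fixed)
            tree_reduce(c, 1);        /* assumes the parent will still add +1 */
    }
    if (!dropped)
        return NET_XMIT_SUCCESS;
    if (fixed)
        tree_reduce(c, dropped - 1);  /* measured delta, minus the skipped +1 */
    return NET_XMIT_CN;
}

/* Parent counts the packet only when the child reports success. */
static int parent_enqueue(struct qdisc *p, struct qdisc *c, int limit, int fixed) {
    int ret = child_enqueue(c, limit, fixed);
    if (ret == NET_XMIT_SUCCESS)
        p->qlen++;
    return ret;
}

/* Enqueue n packets; return parent qlen minus child qlen (0 = consistent). */
int accounting_drift(int n, int limit, int fixed) {
    struct qdisc parent = { 0, NULL }, child = { 0, &parent };
    for (int i = 0; i < n; i++)
        parent_enqueue(&parent, &child, limit, fixed);
    return parent.qlen - child.qlen;
}

int main(void) {
    printf("pre-fix drift: %d, fixed drift: %d\n",
           accounting_drift(8, 5, 0), accounting_drift(8, 5, 1));
    return 0;
}
```

In the pre-fix mode each congested enqueue lowers the parent's count by one while the child still holds a full queue, so the two views diverge further with every NET_XMIT_CN return.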
Affected Version(s)
Linux ff57186b2cc39766672c4c0332323933e5faaa88 < 0b6216f9b3d1c33c76f74511026e5de5385ee520
Linux 15de71d06a400f7fdc15bf377a2552b0ec437cf5 < 529c284cc2815c8350860e9a31722050fe7117cb
Linux 15de71d06a400f7fdc15bf377a2552b0ec437cf5 < 3ed6c458530a547ed0c9ea0b02b19bab620be88b