AZL-67232

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67232.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-67232

Upstream

CVE-2025-39766

Published

2025-09-11T17:15:41Z

Modified

2026-04-01T05:21:10.192075Z

Summary

CVE-2025-39766 affecting package kernel for versions less than 6.6.104.2-1

Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit

The following setup can trigger a WARNING in htb_activate due to the condition: !cl->leaf.q->q.qlen

tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo parent 1: classid 1:1 \ htb rate 64bit tc qdisc add dev lo parent 1:1 handle f: \ cake memlimit 1b ping -I lo -f -c1 -s64 -W0.001 127.0.0.1

This is because the low memlimit leads to a low bufferlimit, which causes packet dropping. However, cakeenqueue still returns NETXMITSUCCESS, causing htbenqueue to call htbactivate with an empty child qdisc. We should return NETXMITCN when packets are dropped from the same tin and flow.

I do not believe return value of NETXMITCN is necessary for packet drops in the case of ack filtering, as that is meant to optimize performance, not to signal congestion.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-39766

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.104.2-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67232.json"