Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69027.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-69027
Upstream
Published
2025-10-29T14:15:54Z
Modified
2026-04-01T05:21:31.807930Z
Summary
CVE-2025-40083 affecting package kernel for versions less than 6.6.117.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_qfq: Fix null-deref in agg_dequeue

To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return value before using it, similar to the existing approach in sch_hfsc.c.

To avoid code duplication, the following changes are made:

  1. Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static inline function.

  2. Moved qdisc_peek_len from net/sched/sch_hfsc.c to include/net/pkt_sched.h so that sch_qfq can reuse it.

  3. Applied qdisc_peek_len in agg_dequeue to avoid crashing.

References

Affected packages

Azure Linux:3 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.6.117.1-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69027.json"