CVE-2025-21971

Source
https://cve.org/CVERecord?id=CVE-2025-21971
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21971.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21971
Published
2025-04-01T15:47:04.448Z
Modified
2026-03-11T07:49:01.867762Z
Summary
net_sched: Prevent creation of classes with TC_H_ROOT
Details

In the Linux kernel, the following vulnerability has been resolved:

net_sched: Prevent creation of classes with TC_H_ROOT

The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created with classid TC_H_ROOT, the traversal terminates prematurely at this class instead of reaching the actual root qdisc, causing parent statistics to be incorrectly maintained. In case of DRR, this could lead to a crash as reported by Mingi Cho.

Prevent the creation of any Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) across all qdisc types, as suggested by Jamal.
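
A simplified user-space model of the traversal described above, added here as an illustration; it is not kernel code and not taken from the fix. The struct node layout and the functions reduce_backlog, classid_allowed and root_qlen_after_dequeue are assumptions made for the example; only TC_H_ROOT and its value come from the advisory.

```c
#include <stdint.h>
#include <stdio.h>
#define TC_H_ROOT 0xFFFFFFFFU /* sentinel value quoted in the advisory */

/* Hypothetical, simplified stand-in for a qdisc in the tree. */
struct node {
    uint32_t parent;  /* classid this node is attached under */
    struct node *up;  /* qdisc owning that class; NULL above the root */
    int qlen;         /* backlog counter kept by this node */
};

/* Walk towards the root, subtracting n from each ancestor's counter and
 * stopping at the TC_H_ROOT sentinel. Returns how many were updated. */
int reduce_backlog(struct node *sch, int n)
{
    int updated = 0;
    while (sch->up != NULL) {
        if (sch->parent == TC_H_ROOT)
            break; /* meant to fire only at the real root */
        sch = sch->up;
        sch->qlen -= n;
        updated++;
    }
    return updated;
}

/* The rule the fix enforces at class creation time. */
int classid_allowed(uint32_t classid)
{
    return classid != TC_H_ROOT;
}

/* One packet queued in a child attached under `classid`, then removed.
 * Returns the root's counter afterwards; 0 means it stayed in sync. */
int root_qlen_after_dequeue(uint32_t classid)
{
    struct node root = { TC_H_ROOT, NULL, 1 };
    struct node child = { classid, &root, 1 };
    child.qlen -= 1;
    reduce_backlog(&child, 1);
    return root.qlen;
}

int main(void)
{
    printf("classid 1:1       -> root qlen %d\n", root_qlen_after_dequeue(0x00010001U));
    printf("classid TC_H_ROOT -> root qlen %d\n", root_qlen_after_dequeue(TC_H_ROOT));
    return 0;
}
```

With an ordinary classid the root counter returns to 0; with classid TC_H_ROOT the walk stops before the root and the counter stays at 1, which is the stale parent statistic the advisory describes.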

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21971.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
066a3b5b2346febf9a655b444567b7138e3bb939
Fixed
e05d9938b1b0ac40b6054cc5fa0ccbd9afd5ed4c
Fixed
7a82fe67a9f4d7123d8e5ba8f0f0806c28695006
Fixed
003d92c91cdb5a64b25a9a74cb8543aac9a8bb48
Fixed
e5ee00607bbfc97ef1526ea95b6b2458ac9e7cb7
Fixed
78533c4a29ac3aeddce4b481770beaaa4f3bfb67
Fixed
5c3ca9cb48b51bd72bf76b8b05e24f3cd53db5e7
Fixed
94edfdfb9505ab608e86599d1d1e38c83816fc1c
Fixed
0c3057a5a04d07120b3d0ec9c79568fceb9c921e

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21971.json"