CVE-2025-37992

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-37992
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37992.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37992
Downstream
Related
Published
2025-05-26T14:54:15.796Z
Modified
2026-05-15T11:54:42.196457337Z
Summary
net_sched: Flush gso_skb list too during ->change()
Details

In the Linux kernel, the following vulnerability has been resolved:

netsched: Flush gsoskb list too during ->change()

Previously, when reducing a qdisc's limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving packets in the gso_skb list. This could result in NULL pointer dereference when we only check sch->limit against sch->q.qlen.

This patch introduces a new helper, qdiscdequeueinternal(), which ensures both the gsoskb list and the main queue are properly flushed when trimming excess packets. All relevant qdiscs (codel, fq, fqcodel, fq_pie, hhf, pie) are updated to use this helper in their ->change() routines.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37992.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.5.0
Fixed
5.10.238
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.184
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.140
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.92
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.30
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.14.8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37992.json"