CVE-2025-37992

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37992
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37992.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37992
Published
2025-05-26T15:15:19Z
Modified
2025-08-13T00:00:22Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net_sched: Flush gso_skb list too during ->change()

Previously, when reducing a qdisc's limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving packets in the gso_skb list. This could result in NULL pointer dereference when we only check sch->limit against sch->q.qlen.

This patch introduces a new helper, qdisc_dequeue_internal(), which ensures both the gso_skb list and the main queue are properly flushed when trimming excess packets. All relevant qdiscs (codel, fq, fq_codel, fq_pie, hhf, pie) are updated to use this helper in their ->change() routines.

References

Affected packages