CVE-2025-38083

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38083
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38083.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38083
Published
2025-06-20T12:15:21Z
Modified
2025-08-12T21:01:39Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net_sched: prio: fix a race in prio_tune()

Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time.

The race is as follows:

CPU 0          CPU 1
 |
 |             [5]: lock root
 |             [6]: rehash
 |             [7]: qdisc_tree_reduce_backlog()
 |

This can be abused to underflow a parent's qlen.

Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.

Affected packages