CVE-2025-38107
- Source
- https://cve.org/CVERecord?id=CVE-2025-38107
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38107.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38107
- Downstream
- Related
- Published
- 2025-07-03T08:35:17.487Z
- Modified
- 2026-03-12T02:15:51.752226Z
- Summary
- net_sched: ets: fix a race in ets_qdisc_change()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netsched: ets: fix a race in etsqdisc_change()
Gerrard Tai reported a race condition in ETS, whenever SFQ perturb timer fires at the wrong time.
The race is as follows:
CPU 0 CPU 1 | | [5]: lock root | [6]: rehash | [7]: qdisctreereduce_backlog() | This can be abused to underflow a parent's qlen.
Calling qdiscpurgequeue() instead of qdisctreeflush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38107.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0383b25488a545be168744336847549d4a2d3d6c
- https://git.kernel.org/stable/c/073f64c03516bcfaf790f8edc772e0cfb8a84ec3
- https://git.kernel.org/stable/c/0b479d0aa488cb478eb2e1d8868be946ac8afb4f
- https://git.kernel.org/stable/c/347867cb424edae5fec1622712c8dd0a2c42918f
- https://git.kernel.org/stable/c/d92adacdd8c2960be856e0b82acc5b7c5395fddb
- https://git.kernel.org/stable/c/eb7b74e9754e1ba2088f914ad1f57a778b11894b
- https://git.kernel.org/stable/c/fed94bd51d62d2e0e006aa61480e94e5cd0582b0
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38107.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-38107
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced699d82e9a6db29d509a71f1f2f4316231e6232e6Fixedeb7b74e9754e1ba2088f914ad1f57a778b11894b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedce881ddbdc028fb1988b66e40e45ca0529c23b46Fixed0b479d0aa488cb478eb2e1d8868be946ac8afb4f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb05972f01e7d30419987a1f221b5593668fd6448Fixed347867cb424edae5fec1622712c8dd0a2c42918fFixed0383b25488a545be168744336847549d4a2d3d6cFixed073f64c03516bcfaf790f8edc772e0cfb8a84ec3Fixedfed94bd51d62d2e0e006aa61480e94e5cd0582b0Fixedd92adacdd8c2960be856e0b82acc5b7c5395fddb
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedfffa19b5e58c34004a0d6f642d9c24b11d213994Last affectedfb155f6597cd7bc3aeed668c3bb15fc3b7cb257d