CVE-2025-38108
- Source
- https://cve.org/CVERecord?id=CVE-2025-38108
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38108.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38108
- Downstream
- Related
- Published
- 2025-07-03T08:35:18.523Z
- Modified
- 2026-05-07T04:17:04.888594Z
- Summary
- net_sched: red: fix a race in __red_change()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net_sched: red: fix a race in _redchange()
Gerrard Tai reported a race condition in RED, whenever SFQ perturb timer fires at the wrong time.
The race is as follows:
CPU 0 CPU 1 | | [5]: lock root | [6]: rehash | [7]: qdisctreereduce_backlog() | This can be abused to underflow a parent's qlen.
Calling qdiscpurgequeue() instead of qdisctreeflush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38108.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/110a47efcf23438ff8d31dbd9c854fae2a48bf98
- https://git.kernel.org/stable/c/2790c4ec481be45a80948d059cd7c9a06bc37493
- https://git.kernel.org/stable/c/2a71924ca4af59ffc00f0444732b6cd54b153d0e
- https://git.kernel.org/stable/c/444ad445df5496a785705019268a8a84b84484bb
- https://git.kernel.org/stable/c/4b755305b2b0618e857fdadb499365b5f2e478d1
- https://git.kernel.org/stable/c/85a3e0ede38450ea3053b8c45d28cf55208409b8
- https://git.kernel.org/stable/c/a1bf6a4e9264a685b0e642994031f9c5aad72414
- https://git.kernel.org/stable/c/f569984417a4e12c67366e69bdcb752970de921d
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38108.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38108
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0c8d13ac96070000da33f394f45e9c19638483c5Fixed2790c4ec481be45a80948d059cd7c9a06bc37493Fixeda1bf6a4e9264a685b0e642994031f9c5aad72414Fixed110a47efcf23438ff8d31dbd9c854fae2a48bf98Fixedf569984417a4e12c67366e69bdcb752970de921dFixed2a71924ca4af59ffc00f0444732b6cd54b153d0eFixed4b755305b2b0618e857fdadb499365b5f2e478d1Fixed444ad445df5496a785705019268a8a84b84484bbFixed85a3e0ede38450ea3053b8c45d28cf55208409b8
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced5.0.0Fixed5.4.295
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.239
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.186
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.142
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.94
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.34
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.15.3