CVE-2025-38108

Source
https://cve.org/CVERecord?id=CVE-2025-38108
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38108.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38108
Published
2025-07-03T08:35:18.523Z
Modified
2026-03-20T12:42:40.859023Z
Summary
net_sched: red: fix a race in __red_change()
Details

In the Linux kernel, the following vulnerability has been resolved:

net_sched: red: fix a race in __red_change()

Gerrard Tai reported a race condition in RED, whenever SFQ perturb timer fires at the wrong time.

The race is as follows:

CPU 0                            CPU 1
 |
 |                               [5]: lock root
 |                               [6]: rehash
 |                               [7]: qdisc_tree_reduce_backlog()
 |

This can be abused to underflow a parent's qlen.

Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38108.json",
    "cna_assigner": "Linux"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0c8d13ac96070000da33f394f45e9c19638483c5
Fixed
2790c4ec481be45a80948d059cd7c9a06bc37493
Fixed
a1bf6a4e9264a685b0e642994031f9c5aad72414
Fixed
110a47efcf23438ff8d31dbd9c854fae2a48bf98
Fixed
f569984417a4e12c67366e69bdcb752970de921d
Fixed
2a71924ca4af59ffc00f0444732b6cd54b153d0e
Fixed
4b755305b2b0618e857fdadb499365b5f2e478d1
Fixed
444ad445df5496a785705019268a8a84b84484bb
Fixed
85a3e0ede38450ea3053b8c45d28cf55208409b8

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38108.json"