CVE-2025-38115

Source
https://cve.org/CVERecord?id=CVE-2025-38115
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38115.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38115
Published
2025-07-03T08:35:23.750Z
Modified
2026-03-11T07:45:54.680877Z
Summary
net_sched: sch_sfq: fix a potential crash on gso_skb handling
Details

In the Linux kernel, the following vulnerability has been resolved:

net_sched: sch_sfq: fix a potential crash on gso_skb handling

SFQ has an assumption of always being able to queue at least one packet.

However, after the blamed commit, sch->q.len can be inflated by packets in sch->gso_skb, and an enqueue() on an empty SFQ qdisc can be followed by an immediate drop.

Fix sfq_drop() to properly clear q->tail in this situation.

ip netns add lb
ip link add dev to-lb type veth peer name in-lb netns lb
ethtool -K to-lb tso off # force qdisc to requeue gso_skb
ip netns exec lb ethtool -K in-lb gro on # enable NAPI
ip link set dev to-lb up
ip -netns lb link set dev in-lb up
ip addr add dev to-lb 192.168.20.1/24
ip -netns lb addr add dev in-lb 192.168.20.2/24
tc qdisc replace dev to-lb root sfq limit 100

ip netns exec lb netserver

netperf -H 192.168.20.2 -l 100 &
netperf -H 192.168.20.2 -l 100 &
netperf -H 192.168.20.2 -l 100 &
netperf -H 192.168.20.2 -l 100 &

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38115.json",
    "cna_assigner": "Linux"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a53851e2c3218aa30b77abd6e68cf1c371f15afe
Fixed
c337efb20d6d9f9bbb4746f6b119917af5c886dc
Fixed
b44f791f27b14c9eb6b907fbe51f2ba8bec32085
Fixed
5814a7fc3abb41f63f2d44c9d3ff9d4e62965b72
Fixed
9c19498bdd7cb9d854bd3c54260f71cf7408495e
Fixed
b4e9bab6011b9559b7c157b16b91ae46d4d8c533
Fixed
d1bc80da75c789f2f6830df89d91fb2f7a509943
Fixed
82448d4dcd8406dec688632a405fdcf7f170ec69
Fixed
82ffbe7776d0ac084031f114167712269bf3d832

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38115.json"