CVE-2025-38177

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38177

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38177.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38177

Downstream

BELL-CVE-2025-38177

DEBIAN-CVE-2025-38177

DLA-4271-1

OESA-2025-2080

OESA-2025-2118

OESA-2025-2119

OESA-2025-2121

OESA-2025-2122

OESA-2025-2268

RHSA-2025:14413

RHSA-2025:14511

RHSA-2025:14691

RHSA-2025:14692

RHSA-2025:14696

RHSA-2025:14742

RHSA-2025:14744

RHSA-2025:14746

RHSA-2025:14748

RHSA-2025:15016

RHSA-2025:15035

SUSE-SU-2025:02846-1

SUSE-SU-2025:02848-1

SUSE-SU-2025:02849-1

SUSE-SU-2025:02850-1

SUSE-SU-2025:02851-1

SUSE-SU-2025:02852-1

SUSE-SU-2025:02853-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:03023-1

UBUNTU-CVE-2025-38177

USN-7653-1

USN-7655-1

USN-7665-2

USN-7671-1

USN-7671-2

USN-7671-3

USN-7686-1

USN-7712-1

USN-7712-2

Related

Published

2025-07-04T13:15:24Z

Modified

2025-08-28T15:15:48Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

schhfsc: make hfscqlen_notify() idempotent

hfscqlennotify() is not idempotent either and not friendly to its callers, like fqcodeldequeue(). Let's make it idempotent to ease qdisctreereduce_backlog() callers' life:

updatevf() decreases cl->clnactive, so we can check whether it is non-zero before calling it.
eltreeremove() always removes RB node cl->elnode, but we can use RBEMPTYNODE() + RBCLEARNODE() to make it safe.

References

Affected packages