In the Linux kernel, the following vulnerability has been resolved:
net/sched: schqfq: Fix race condition on qfqaggregate
A race condition can occur when 'agg' is modified in qfqchangeagg (called during qfqenqueue) while other threads access it concurrently. For example, qfqdumpclass may trigger a NULL dereference, and qfqdelete_class may cause a use-after-free.
This patch addresses the issue by:
Moved qfqdestroyclass into the critical section.
Added schtreelock protection to qfqdumpclass and qfqdumpclass_stats.