CVE-2025-40083

To prevent a potential crash in aggdequeue (net/sched/schqfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return value before using it, similar to the existing approach in sch_hfsc.c.

To avoid code duplication, the following changes are made:

Changed qdiscwarnnonwc(include/net/pkt_sched.h) into a static inline function.
Moved qdiscpeeklen from net/sched/schhfsc.c to include/net/pktsched.h so that sch_qfq can reuse it.
Applied qdiscpeeklen in agg_dequeue to avoid crashing.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40083.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

462dbc9101acd38e92eda93c0726857517a24bbd

Fixed

71d84658a61322e5630c85c5388fc25e4a2d08b2

Fixed

99fc137f178797204d36ac860dd8b31e35baa2df

Fixed

1bed56f089f09b465420bf23bb32985c305cfc28

Fixed

3c2a8994807623c7655ece205667ae2cf74940aa

Fixed

6ffa9d66187188e3068b5a3895e6ae1ee34f9199

Fixed

6ff8e74c8f8a68ec07ef837b95425dfe900d060f

Fixed

dd831ac8221e691e9e918585b1003c7071df0379

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40083.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.8.0

Fixed

5.4.302

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.247

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.197

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.159

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.116

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.57

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40083.json"