CVE-2025-68325

Source
https://cve.org/CVERecord?id=CVE-2025-68325
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68325.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-68325
Downstream
Related
Published
2025-12-18T15:02:50.214Z
Modified
2026-03-20T12:46:22.102532Z
Summary
net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop

In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that the parent qdisc will enqueue the current packet. However, this assumption breaks when cake_enqueue() returns NET_XMIT_CN: the parent qdisc stops enqueuing the current packet, leaving the tree qlen/backlog accounting inconsistent. This mismatch can lead to a NULL dereference (e.g., when the parent Qdisc is qfq_qdisc).

This patch computes the qlen/backlog delta in a more robust way by observing the difference before and after the series of cake_drop() calls, and then compensates the qdisc tree accounting if cake_enqueue() returns NET_XMIT_CN.

To ensure correct compensation when ACK thinning is enabled, a new variable is introduced to keep qlen unchanged.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68325.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
de04ddd2980b48caa8d7e24a7db2742917a8b280
Fixed
a3f4e3de41a3f115db35276c6b186ccbc913934a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0dacfc5372e314d1219f03e64dde3ab495a5a25e
Fixed
38abf6e931b169ea88d7529b49096f53a5dcf8fe
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
710866fc0a64eafcb8bacd91bcb1329eb7e5035f
Fixed
fcb91be52eb6e92e00b533ebd7c77fecada537e1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
aa12ee1c1bd260943fd6ab556d8635811c332eeb
Fixed
d01f0e072dadb02fe10f436b940dd957aff0d7d4
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ff57186b2cc39766672c4c0332323933e5faaa88
Fixed
0b6216f9b3d1c33c76f74511026e5de5385ee520
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
15de71d06a400f7fdc15bf377a2552b0ec437cf5
Fixed
529c284cc2815c8350860e9a31722050fe7117cb
Fixed
3ed6c458530a547ed0c9ea0b02b19bab620be88b
Fixed
9fefc78f7f02d71810776fdeb119a05a946a27cc
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7689ab22de36f8db19095f6bdf11f28cfde92f5c
Last affected
62d591dde4defb1333d202410609c4ddeae060b3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68325.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
5.10.248
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.198
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.160
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.120
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.63
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.17.13
Type
ECOSYSTEM
Events
Introduced
6.17.0
Fixed
6.18.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68325.json"