CVE-2025-40083
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_qfq: Fix null-deref in agg_dequeue
To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return value before using it, similar to the existing approach in sch_hfsc.c.
To avoid code duplication, the following changes are made:
Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static inline function.
Moved qdisc_peek_len from net/sched/sch_hfsc.c to include/net/pkt_sched.h so that sch_qfq can reuse it.
Applied qdisc_peek_len in agg_dequeue to avoid crashing.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 462dbc9101acd38e92eda93c0726857517a24bbd < 71d84658a61322e5630c85c5388fc25e4a2d08b2 | affected |
| Linux | Linux | 462dbc9101acd38e92eda93c0726857517a24bbd < 99fc137f178797204d36ac860dd8b31e35baa2df | affected |
| Linux | Linux | 462dbc9101acd38e92eda93c0726857517a24bbd < 1bed56f089f09b465420bf23bb32985c305cfc28 | affected |
| Linux | Linux | 462dbc9101acd38e92eda93c0726857517a24bbd < 3c2a8994807623c7655ece205667ae2cf74940aa | affected |
| Linux | Linux | 462dbc9101acd38e92eda93c0726857517a24bbd < 6ffa9d66187188e3068b5a3895e6ae1ee34f9199 | affected |
| Linux | Linux | 462dbc9101acd38e92eda93c0726857517a24bbd < 6ff8e74c8f8a68ec07ef837b95425dfe900d060f | affected |
| Linux | Linux | 462dbc9101acd38e92eda93c0726857517a24bbd < dd831ac8221e691e9e918585b1003c7071df0379 | affected |
| Linux | Linux | 3.8 | affected |
| Linux | Linux | 0 < 3.8 | unaffected |
| Linux | Linux | 5.4.302 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.247 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.197 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.159 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.116 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.57 <= 6.12.* | unaffected |
| Linux | Linux | 6.16 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/71d84658a61322e5630c85c5388fc25e4a2d08b2
- https://git.kernel.org/stable/c/99fc137f178797204d36ac860dd8b31e35baa2df
- https://git.kernel.org/stable/c/1bed56f089f09b465420bf23bb32985c305cfc28
- https://git.kernel.org/stable/c/3c2a8994807623c7655ece205667ae2cf74940aa
- https://git.kernel.org/stable/c/6ffa9d66187188e3068b5a3895e6ae1ee34f9199
- https://git.kernel.org/stable/c/6ff8e74c8f8a68ec07ef837b95425dfe900d060f
- https://git.kernel.org/stable/c/dd831ac8221e691e9e918585b1003c7071df0379
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.