In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: reject invalid perturb period Gerrard Tai reported that SFQ

LINUX

04-07-2025 16:38

CVE-2025-38193 Vulnerabilidad documentada

Sin puntuación

Tags

#kernel

#add

#linux

#vulnerability

#root

#patch

#overflow

#fix

#error

Descripción

In the Linux kernel, following vulnerability has been resolved: net_sched: sch_sfq: reject invalid perturb period Gerrard Tai reported that SFQ perturb_period no range check yet, and this can be used to trigger a race condition fixed in separate patch. We want make sure ctl->perturb_period * HZ will not overflow and is positive. tc qd add dev lo root sfq -10 # negative value : error Error: period. tc 1000000000 too big 2000000 acceptable value tc -s -d sh lo qdisc 8005: refcnt 2 limit 127p quantum 64Kb depth 127 flows 128 divisor 1024 2000000sec Sent 0 bytes pkt (dropped 0, overlimits requeues 0) backlog 0b 0p

https://git.kernel.org/stable/c/0357da9149eac621f39e235a135ebf155f01f7c3

https://git.kernel.org/stable/c/590b2d7d0beadba2aa576708a05a05f0aae39295

https://git.kernel.org/stable/c/7ca52541c05c832d32b112274f81a985101f9ba8

https://git.kernel.org/stable/c/956b5aebb349449b38d920d444ca1392d43719d1

https://git.kernel.org/stable/c/b11a50544af691b787384089b68f740ae20a441b

https://git.kernel.org/stable/c/f9b97d466e6026ccbdda30bb5b71965b67ccbc82

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-38193

Resultados similares

Coincidentes en almenos en 50% de los tags

16-07-2025
Linux : Debian Bookworm: gnutls28 Important Denial of Service Fix DSA-5962-1 ... https://linuxs...
Ver información

16-07-2025
Linux : Oracle Linux 8: python3.11-setuptools Moderate Security Fix ELSA-2025-11043 The followi...
Ver información