CVE-2025-37953

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference issue was discovered in the Linux kernel, specifically in the htb next rb node() function after htb deactivate() was called. This occurred due to a regression introduced when making htb qlen notify() idempotent. The issue arises in a scenario where htb dequeue tree() is called, leading to fq codel dequeue(), qdisc tree reduce backlog(), and then htb qlen notify() and htb deactivate(). If htb deactivate() is called again after htb next rb node(), it may trigger a warning. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations To fix the issue, make htb deactivate() idempotent by returning immediately if it has already been called before. Make htb next rb node() safe against ptr==NULL to prevent the NULL pointer dereference. At the moment, there is no information about a newer version that contains a fix for this vulnerability.