PT-2025-27950 · Linux+6 · Linux Kernel+6

Publicado

2025-04-08

·

Atualizado

2026-03-14

·

CVE-2025-38177

CVSS v2.0

6.0

Média

VetorAV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue concerns the hfsc qlen notify() function in the Linux kernel, which is not idempotent and can cause problems for its callers, such as fq codel dequeue(). To address this, changes were made to ensure hfsc qlen notify() is idempotent, including updating update vf() and using RB EMPTY NODE() and RB CLEAR NODE() in eltree remove(). The issue was reportedly exploited in a kernel CTF as a 1-day exploit.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-459

Identificadores relacionados

AZL-72763
BDU:2025-12111
CVE-2025-38177
DLA-4271-1
DLA-4327-1
OESA-2025-2080
OESA-2025-2118
OESA-2025-2119
OESA-2025-2121
OESA-2025-2122
OESA-2025-2268
OPENSUSE-SU-2025:20081-1
RHSA-2025:14413
RHSA-2025:14511
RHSA-2025:14691
RHSA-2025:14692
RHSA-2025:14696
RHSA-2025:14742
RHSA-2025:14744
RHSA-2025:14746
RHSA-2025:14748
SUSE-SU-2025:02846-1
SUSE-SU-2025:02848-1
SUSE-SU-2025:02849-1
SUSE-SU-2025:02850-1
SUSE-SU-2025:02851-1
SUSE-SU-2025:02852-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:03315-1
SUSE-SU-2025:03317-1
SUSE-SU-2025:03319-1
SUSE-SU-2025:03329-1
SUSE-SU-2025:03336-1
SUSE-SU-2025:03337-1
SUSE-SU-2025:03341-1
SUSE-SU-2025:03342-1
SUSE-SU-2025:03343-1
SUSE-SU-2025:03344-1
SUSE-SU-2025:03350-1
SUSE-SU-2025:03358-1
SUSE-SU-2025:03359-1
SUSE-SU-2025:03362-1
SUSE-SU-2025:03370-1
SUSE-SU-2025:03374-1
SUSE-SU-2025:03375-1
SUSE-SU-2025:03381-1
SUSE-SU-2025:03387-1
SUSE-SU-2025:03391-1
SUSE-SU-2025:03393-1
SUSE-SU-2025:03395-1
SUSE-SU-2025:03397-1
SUSE-SU-2025:03400-1
SUSE-SU-2025:03406-1
SUSE-SU-2025:03408-1
SUSE-SU-2025:03410-1
SUSE-SU-2025:03414-1
SUSE-SU-2025:03418-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:20722-1
SUSE-SU-2025:20723-1
SUSE-SU-2025:20724-1
SUSE-SU-2025:20725-1
SUSE-SU-2025:20726-1
SUSE-SU-2025:20727-1
SUSE-SU-2025:20728-1
SUSE-SU-2025:20729-1
SUSE-SU-2025:20730-1
SUSE-SU-2025:20733-1
SUSE-SU-2025:20734-1
SUSE-SU-2025:20737-1
SUSE-SU-2025:20738-1
SUSE-SU-2025:20768-1
SUSE-SU-2025:20769-1
SUSE-SU-2025:20770-1
SUSE-SU-2025:20771-1
SUSE-SU-2025:20774-1
SUSE-SU-2025:20784-1
SUSE-SU-2025:20785-1
SUSE-SU-2025:20786-1
SUSE-SU-2025:20787-1
SUSE-SU-2025:20788-1
SUSE-SU-2025:20789-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:4123-1
SUSE-SU-2025_02846-1
SUSE-SU-2025_02848-1
SUSE-SU-2025_02849-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
SUSE-SU-2025_03344-1
SUSE-SU-2026:0688-1
USN-7653-1
USN-7655-1
USN-7665-2
USN-7671-1
USN-7671-2
USN-7671-3
USN-7686-1
USN-7712-1
USN-7712-2

Produtos afetados

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu