Linux · Linux Kernel · CVE-2025-21702
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is related to the `pfifo_tail_enqueue` function in the Linux kernel. When `sch->limit == 0` and `pfifo_tail_enqueue` is triggered on a scheduler with no packets, the function will not drop a packet and will instead increase the scheduler's `qlen` by one, returning a `NET_XMIT_CN` status code. This can lead to a situation where the parent's `qlen` does not equal the sum of its children's `qlen`, violating the design. The problem can be exploited for user-to-kernel privilege escalation when reachable.
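The accounting mismatch described above, as an added user-space model in C (not kernel source and not part of the original advisory). The `model_*` and `MODEL_*` names, the parent's rule of counting a packet only on a success return, and the `limit == 0` guard are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed model of the return codes named in the advisory. */
enum { MODEL_SUCCESS, MODEL_DROP, MODEL_CN };

struct model_qdisc { unsigned limit, qlen; };

/* Tail-drop enqueue as described: when full, drop the oldest packet,
 * queue the new one, report congestion. */
static int enqueue_described(struct model_qdisc *sch)
{
    if (sch->qlen < sch->limit) {
        sch->qlen++;
        return MODEL_SUCCESS;
    }
    if (sch->qlen > 0)   /* head drop; a no-op on an empty queue */
        sch->qlen--;
    sch->qlen++;         /* new packet is queued either way */
    return MODEL_CN;
}

/* Assumed guard: a zero limit means the packet is refused outright. */
static int enqueue_guarded(struct model_qdisc *sch)
{
    if (sch->limit == 0)
        return MODEL_DROP;
    return enqueue_described(sch);
}

/* Assumed parent rule: count a packet only on MODEL_SUCCESS.
 * Returns child qlen minus the parent's count; 0 means consistent. */
static int qlen_mismatch(int (*enq)(struct model_qdisc *),
                         unsigned limit, unsigned packets)
{
    struct model_qdisc child = { limit, 0 };
    unsigned parent_qlen = 0;
    for (unsigned i = 0; i < packets; i++)
        if (enq(&child) == MODEL_SUCCESS)
            parent_qlen++;
    return (int)child.qlen - (int)parent_qlen;
}

int main(void)
{
    printf("limit=2 described: %d\n", qlen_mismatch(enqueue_described, 2, 5));
    printf("limit=0 described: %d\n", qlen_mismatch(enqueue_described, 0, 1));
    printf("limit=0 guarded:   %d\n", qlen_mismatch(enqueue_guarded, 0, 1));
    return 0;
}
```

With a non-zero limit the head drop and the new packet cancel out, so the congestion return leaves parent and child counts equal; only the zero-limit, empty-queue case leaves the child one packet ahead of the parent.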
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.