CVE-2025-22061

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.71

Description A vulnerability in the Linux kernel has been resolved, specifically in the airoha tc get htb get leaf queue routine. The issue was related to a kernel warning when deleting HTB offloaded leafs and/or root HTB qdisc in the airoha eth driver. The vulnerability was exploited when using the tc command to replace the qdisc on a device, add a class, and then delete the qdisc. This resulted in a warning message and a call trace.

Recommendations To resolve the issue, update the Linux kernel to a version later than 6.6.71. As a temporary workaround, consider avoiding the use of the tc command to replace the qdisc on a device, add a class, and then delete the qdisc, until a patch is available. Restrict access to the vulnerable airoha eth driver to minimize the risk of exploitation.