PT-2025-18433 · Linux+5 · Linux Kernel+5

Published

2025-04-07

·

Updated

2026-05-26

·

CVE-2025-37752

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-rc2-syzkaller
Description The issue is related to the Linux kernel's net sched module, specifically the sch sfq component. It is not sufficient to directly validate the limit on the data that the user passes, as it can be updated based on how other parameters are changed. The check has been moved to the end of the configuration update process to catch scenarios where the limit is indirectly updated. This resolves a syzkaller reported crash due to an array-index-out-of-bounds error in net/sched/sch sfq.c.
Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the net sched: sch sfq: move the limit validation vulnerability. As a temporary workaround, consider restricting access to the vulnerable sch sfq component until a patch is available.

Exploit

Fix

DoS

Improper Validation of Array Index

Weakness Enumeration

CWE-129

Related Identifiers

BDU:2025-05411
CVE-2025-37752
DLA-4193-1
ECHO-5006-223D-F2F7
OESA-2025-1569
OESA-2025-2120
OESA-2025-2121
OESA-2025-2122
SUSE-SU-2025:01983-1
SUSE-SU-2025:02249-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02264-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02308-1
SUSE-SU-2025:02320-1
SUSE-SU-2025:02321-1
SUSE-SU-2025:02322-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02335-1
SUSE-SU-2025:02537-1
SUSE-SU-2025:02538-1
SUSE-SU-2025:02601-1
SUSE-SU-2025:02602-1
SUSE-SU-2025:02604-1
SUSE-SU-2025:02606-1
SUSE-SU-2025:02607-1
SUSE-SU-2025:02608-1
SUSE-SU-2025:02610-1
SUSE-SU-2025:02611-1
SUSE-SU-2025:02618-1
SUSE-SU-2025:02619-1
SUSE-SU-2025:02626-1
SUSE-SU-2025:02627-1
SUSE-SU-2025:02632-1
SUSE-SU-2025:02636-1
SUSE-SU-2025:02637-1
SUSE-SU-2025:02638-1
SUSE-SU-2025:02647-1
SUSE-SU-2025:02648-1
SUSE-SU-2025:02652-1
SUSE-SU-2025:02673-1
SUSE-SU-2025:02676-1
SUSE-SU-2025:02687-1
SUSE-SU-2025:02688-1
SUSE-SU-2025:02689-1
SUSE-SU-2025:02691-1
SUSE-SU-2025:02693-1
SUSE-SU-2025:02697-1
SUSE-SU-2025:02698-1
SUSE-SU-2025:02699-1
SUSE-SU-2025:02704-1
SUSE-SU-2025:02708-1
SUSE-SU-2025:02710-1
SUSE-SU-2025:02858-1
SUSE-SU-2025:02873-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02942-1
SUSE-SU-2025:02943-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20421-1
SUSE-SU-2025:20568-1
SUSE-SU-2025:20569-1
SUSE-SU-2025:20570-1
SUSE-SU-2025:20572-1
SUSE-SU-2025:20573-1
SUSE-SU-2025:20574-1
SUSE-SU-2025:20575-1
SUSE-SU-2025:20576-1
SUSE-SU-2025:20578-1
SUSE-SU-2025:20579-1
SUSE-SU-2025:20580-1
SUSE-SU-2025:20581-1
SUSE-SU-2025:20582-1
SUSE-SU-2025:20583-1
SUSE-SU-2025:20584-1
SUSE-SU-2025:20610-1
SUSE-SU-2025:20611-1
SUSE-SU-2025:20612-1
SUSE-SU-2025:20613-1
SUSE-SU-2025:20614-1
SUSE-SU-2025:20615-1
SUSE-SU-2025:20616-1
SUSE-SU-2025:20620-1
SUSE-SU-2025:20621-1
SUSE-SU-2025:20622-1
SUSE-SU-2025:20623-1
SUSE-SU-2025:20624-1
SUSE-SU-2025:20625-1
SUSE-SU-2025:2264-1
SUSE-SU-2025:4123-1
SUSE-SU-2025_01983-1
SUSE-SU-2025_02249-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02264-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02308-1
SUSE-SU-2025_02333-1
SUSE-SU-2025_02335-1
SUSE-SU-2025_02537-1
SUSE-SU-2025_02538-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-7725-1
USN-7725-2
USN-7725-3
USN-7726-1
USN-7726-2
USN-7726-3
USN-7726-4
USN-7726-5
USN-7727-1
USN-7727-2
USN-7727-3
USN-7754-1
USN-7754-2
USN-7755-1
USN-7755-2
USN-7755-3
USN-7776-1
USN-7779-1
USN-7802-1
USN-7809-1
USN-7819-1
USN-7819-2
USN-7820-1
USN-7832-1
USN-7875-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu