PT-2025-18776 · Linux · Linux Kernel
Published 2025-04-24 · Updated 2026-05-26 · CVE-2025-37797
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A Use-After-Free vulnerability has been identified in the HFSC qdisc class handling of the Linux kernel. The issue arises from a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs such as netem or codel. The vulnerability occurs through the following steps:
- hfsc_change_class() checks whether a class has packets (q.qlen != 0).
- It then calls qdisc_peek_len(), which for certain qdiscs (e.g., codel, netem) might drop packets and empty the queue.
- The code continues assuming the queue is still non-empty, adding the class to vttree.
- This breaks the HFSC scheduler assumption that only non-empty classes are in vttree.
- Later, when the class is destroyed, this can lead to a Use-After-Free.
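As an added illustration (a constructed model, not kernel code from this record or from the upstream project), the C sketch below reproduces the check-then-peek ordering described above against a mock child qdisc whose peek can drain the queue, next to a version that re-checks emptiness after the peek before inserting into vttree. The mock types, the fixed 100-byte packet length and the re-check are assumptions of the model, not the actual fix.

```c
#include <stdbool.h>

/* Constructed model: a child qdisc with qlen queued packets. When
 * peek_drops is set, a peek discards everything it holds and returns 0,
 * mimicking the netem/codel behaviour the advisory describes. */
struct mock_qdisc {
    unsigned int qlen;
    bool peek_drops;     /* assumption: peek may drop packets */
};

struct mock_class {
    struct mock_qdisc *qdisc;
    bool in_vttree;      /* HFSC invariant: set only while qdisc->qlen != 0 */
};

/* Length of the head packet, or 0 once the queue is empty. */
static unsigned int mock_peek_len(struct mock_qdisc *q)
{
    if (q->peek_drops) {
        q->qlen = 0;     /* the peek itself empties the queue */
        return 0;
    }
    return q->qlen ? 100 : 0;   /* assumed packet length for the model */
}

/* Vulnerable ordering: emptiness is checked BEFORE the peek, and the
 * result of the peek is never used to revisit that decision. */
static void change_class_toctou(struct mock_class *cl)
{
    if (cl->qdisc->qlen != 0) {
        (void)mock_peek_len(cl->qdisc);   /* may drain the queue */
        cl->in_vttree = true;             /* stale "non-empty" assumption */
    }
}

/* Hardened ordering (model): re-check after the peek before inserting. */
static void change_class_rechecked(struct mock_class *cl)
{
    if (cl->qdisc->qlen != 0) {
        unsigned int len = mock_peek_len(cl->qdisc);
        if (len == 0 || cl->qdisc->qlen == 0)
            return;                       /* drained by peek: stay out of vttree */
        cl->in_vttree = true;
    }
}

/* The scheduler invariant a test or debug assertion would check. */
static bool vttree_invariant_holds(const struct mock_class *cl)
{
    return !cl->in_vttree || cl->qdisc->qlen != 0;
}
```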
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Use After Free
Affected Products
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu