PT-2025-21643 · Linux+10 · Linux Kernel+10

Published

2025-04-25

·

Updated

2026-04-20

·

CVE-2025-37890

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A Use After Free (UAF) vulnerability has been identified in the Linux kernel's HFSC network scheduler when it has a netem child qdisc. The issue arises because the HFSC assumes that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree, which is not true for the netem duplicate case. This vulnerability can be exploited due to a reentrant case. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:12662
ALSA-2025:12746
ALSA-2025:12752
ALSA-2025:12753
BDU:2025-06490
CESA-2025_12752
CESA-2025_12753
CESA-2025_16582
CVE-2025-37890
DLA-4271-1
DLA-4327-1
DSA-5925-1
ECHO-6925-A7E5-6312
INFSA-2025_12746
INFSA-2025_12752
INFSA-2025_12753
MGASA-2025-0182
MGASA-2025-0183
OESA-2025-2077
OESA-2025-2078
OESA-2025-2079
OESA-2025-2081
OESA-2025-2082
RHSA-2025:12209
RHSA-2025:12662
RHSA-2025:12746
RHSA-2025:12752
RHSA-2025:12753
RHSA-2025:13135
RHSA-2025:14511
RHSA-2025:14692
RHSA-2025:14742
RHSA-2025:14744
RHSA-2025:14749
RHSA-2025:16538
RHSA-2025:16539
RHSA-2025:16540
RHSA-2025:16541
RHSA-2025:16580
RHSA-2025:16582
RHSA-2025:16583
RHSA-2025_12746
RHSA-2025_12752
RHSA-2025_12753
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02264-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02308-1
SUSE-SU-2025:02320-1
SUSE-SU-2025:02321-1
SUSE-SU-2025:02322-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02537-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:03097-1
SUSE-SU-2025:03100-1
SUSE-SU-2025:03106-1
SUSE-SU-2025:03108-1
SUSE-SU-2025:03109-1
SUSE-SU-2025:03111-1
SUSE-SU-2025:03123-1
SUSE-SU-2025:03124-1
SUSE-SU-2025:03126-1
SUSE-SU-2025:03129-1
SUSE-SU-2025:03130-1
SUSE-SU-2025:03133-1
SUSE-SU-2025:03148-1
SUSE-SU-2025:03153-1
SUSE-SU-2025:03154-1
SUSE-SU-2025:03156-1
SUSE-SU-2025:03160-1
SUSE-SU-2025:03165-1
SUSE-SU-2025:03175-1
SUSE-SU-2025:03179-1
SUSE-SU-2025:03180-1
SUSE-SU-2025:03181-1
SUSE-SU-2025:03182-1
SUSE-SU-2025:03184-1
SUSE-SU-2025:03185-1
SUSE-SU-2025:03186-1
SUSE-SU-2025:03190-1
SUSE-SU-2025:03191-1
SUSE-SU-2025:03194-1
SUSE-SU-2025:03195-1
SUSE-SU-2025:03207-1
SUSE-SU-2025:03208-1
SUSE-SU-2025:03209-1
SUSE-SU-2025:03210-1
SUSE-SU-2025:03212-1
SUSE-SU-2025:03215-1
SUSE-SU-2025:03217-1
SUSE-SU-2025:03223-1
SUSE-SU-2025:03226-1
SUSE-SU-2025:03235-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025:20698-1
SUSE-SU-2025:20699-1
SUSE-SU-2025:20700-1
SUSE-SU-2025:20703-1
SUSE-SU-2025:20704-1
SUSE-SU-2025:20705-1
SUSE-SU-2025:20706-1
SUSE-SU-2025:20707-1
SUSE-SU-2025:20711-1
SUSE-SU-2025:20712-1
SUSE-SU-2025:20714-1
SUSE-SU-2025:20761-1
SUSE-SU-2025:20763-1
SUSE-SU-2025:20766-1
SUSE-SU-2025:20767-1
SUSE-SU-2025:20775-1
SUSE-SU-2025:20776-1
SUSE-SU-2025:20777-1
SUSE-SU-2025:20778-1
SUSE-SU-2025:20782-1
SUSE-SU-2025:2264-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_02000-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02264-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02308-1
SUSE-SU-2025_02333-1
SUSE-SU-2025_02537-1
USN-7608-1
USN-7608-2
USN-7608-3
USN-7608-4
USN-7608-5
USN-7608-6
USN-7608-7
USN-7609-1
USN-7609-2
USN-7609-3
USN-7609-4
USN-7609-5
USN-7610-1
USN-7610-2
USN-7610-3
USN-7611-1
USN-7611-2
USN-7611-3
USN-7611-4
USN-7618-1
USN-7628-1
USN-7653-1
USN-7655-1
USN-7665-2
USN-7671-1
USN-7671-2
USN-7671-3
USN-7686-1
USN-7712-1
USN-7712-2

Affected Products

Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu