PT-2025-22175 · Linux+6 · Linux Kernel+6

Published 2025-04-28 · Updated 2026-04-20 · CVE-2025-37913

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability in the Linux kernel has been resolved, related to the net sched component, specifically the qfq queueing discipline. The issue arises when a netem child qdisc causes the parent qdisc's enqueue callback to become reentrant, leading to memory corruption due to adding the same classifier to the list twice. This is fixed by checking if the class was already added to the agg->active list before doing the addition.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Time Of Check To Time Of Use
Double Free

Related Identifiers

BDU:2025-11999
CVE-2025-37913
DLA-4271-1
DLA-4327-1
DSA-5925-1
ECHO-5422-9B2F-EBE4
MGASA-2025-0182
MGASA-2025-0183
OESA-2025-2054
OESA-2025-2055
OESA-2025-2056
OESA-2025-2058
OESA-2025-2059
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_02000-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
SUSE-SU-2026:0473-1
USN-7649-1
USN-7649-2
USN-7650-1
USN-7654-1
USN-7654-2
USN-7654-3
USN-7654-4
USN-7654-5
USN-7655-1
USN-7665-1
USN-7665-2
USN-7686-1
USN-7711-1
USN-7712-1
USN-7712-2
USN-7721-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu