PT-2025-22176 · Linux+10 · Linux Kernel+10
Published
2025-04-28
·
Updated
2026-04-20
·
CVE-2025-37914
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel has been resolved, related to the net sched: ets, where a netem child qdisc can cause the parent qdisc's enqueue callback to be reentrant. This can lead to memory corruption due to adding the same classifier to the list twice. The issue is fixed by checking if the class was already added to the active list before doing the addition, in addition to checking for qlen being zero.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Double Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu