PT-2025-22177 · Linux+6 · Linux Kernel+6

Published: 2025-04-28 · Updated: 2026-04-20 · CVE-2025-37915

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability in the Linux kernel's net sched component has been resolved. It affects the drr class when netem is used as a child qdisc. A netem child qdisc can make the parent qdisc's enqueue callback reentrant; in that case the same classifier is added to the list twice, which corrupts memory. The patch checks whether the class is already on the active list before adding it, which covers the reentrant case.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Time Of Check To Time Of Use

Double Free

Weakness Enumeration

Related Identifiers

BDU:2025-11998
CVE-2025-37915
DLA-4271-1
DLA-4327-1
DSA-5925-1
ECHO-5E78-3239-4E9A
MGASA-2025-0182
MGASA-2025-0183
OESA-2025-2054
OESA-2025-2055
OESA-2025-2056
OESA-2025-2554
OESA-2025-2555
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_02000-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
USN-7649-1
USN-7649-2
USN-7650-1
USN-7654-1
USN-7654-2
USN-7654-3
USN-7654-4
USN-7654-5
USN-7655-1
USN-7665-1
USN-7665-2
USN-7686-1
USN-7711-1
USN-7712-1
USN-7712-2
USN-7721-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu