CVE-2025-38001

Linux kernel versions prior to the fix included in commit 141d34391abbb315d68556b7c67ad97885407547.

The Linux kernel contains a vulnerability in the net sched subsystem, specifically within the HFSC (Hierarchical Fair Queuing) scheduler. A use-after-free (UAF) condition can occur when HFSC is used in conjunction with NETEM (Network Emulator). The vulnerability arises because the patch intended to prevent double insertion into the eltree can be bypassed. Specifically, the check for existing class insertion is insufficient when using HFSC RSC, allowing a class to be inserted twice. This can lead to an infinite loop in hfsc dequeue under normal conditions, or, if TBF (Token Bucket Filter) is used as a root qdisc with a low rate, it can be exploited to cause a UAF.

Update the Linux kernel to a version that includes the fix from commit 141d34391abbb315d68556b7c67ad97885407547. As a temporary workaround, consider disabling the hfsc queuing discipline or avoiding the use of HFSC with NETEM until a patched version is available.