PT-2025-27701 · Linux+6 · Linux Kernel+6

Published

2025-07-03

·

Updated

2026-05-26

·

CVE-2025-38115

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A potential crash in the Linux kernel's net sched module has been resolved. The issue occurred in the sch sfq function, which has an assumption of always being able to queue at least one packet. However, after a specific commit, the sch->q.len can be inflated by packets in sch->gso skb, and an enqueue on an empty SFQ qdisc can be followed by an immediate drop. The fix involves properly clearing q->tail in the sfq drop function.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Resource Release

Memory Leak

Weakness Enumeration

CWE-404CWE-401

Related Identifiers

AZL-64580
BDU:2025-10780
CVE-2025-38115
DLA-4327-1
DLA-4328-1
DSA-5973-1
ECHO-BEE0-EDF9-6FBD
MGASA-2025-0218
MGASA-2025-0219
OESA-2025-1878
OESA-2025-1879
OESA-2025-1880
OESA-2025-2081
OESA-2025-2082
SUSE-SU-2025:02846-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025_02846-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7774-1
USN-7774-2
USN-7774-3
USN-7774-4
USN-7774-5
USN-7775-1
USN-7775-2
USN-7775-3
USN-7776-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu