PT-2025-30120 · Linux+9 · Linux Kernel+9

Anubis · Published 2025-06-30 · Updated 2026-04-20 · CVE-2025-38350

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the networking scheduler where certain classful qdiscs may unexpectedly empty a child qdisc, leading to a use-after-free condition. This can occur when a classful qdisc invokes its classes' dequeue handler on an enqueue operation. The issue arises from incomplete backlog accounting, potentially affecting parent qdiscs as well. A reproducer involving tc commands and socat demonstrates the use-after-free. The fix ensures that qdisc_tree_reduce_backlog always calls qlen_notify when the child qdisc is empty, preventing the use-after-free by resetting the qlen to 0 during qdisc deletion or purging.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

LPE

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:15011
ALSA-2025:15447
ALSA-2025:15785
ALSA-2025:15786
AZL-72593
BDU:2025-13471
CESA-2025_15785
CESA-2025_15786
CESA-2025_16582
CVE-2025-38350
DLA-4327-1
DLA-4328-1
DSA-5973-1
ECHO-C247-2330-7612
INFSA-2025_15011
INFSA-2025_15785
INFSA-2025_15786
MGASA-2025-0218
MGASA-2025-0219
OESA-2025-2080
OPENSUSE-SU-2025:20081-1
RHSA-2025:14413
RHSA-2025:14511
RHSA-2025:14691
RHSA-2025:14692
RHSA-2025:14696
RHSA-2025:14742
RHSA-2025:14744
RHSA-2025:14746
RHSA-2025:14748
RHSA-2025:14749
RHSA-2025:15786
RHSA-2025_15011
RHSA-2025_15785
RHSA-2025_15786
SUSE-SU-2025:02846-1
SUSE-SU-2025:02849-1
SUSE-SU-2025:02851-1
SUSE-SU-2025:02852-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:03310-1
SUSE-SU-2025:03344-1
SUSE-SU-2025:03384-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02846-1
SUSE-SU-2025_02849-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
SUSE-SU-2025_03310-1
SUSE-SU-2025_03344-1
USN-7722-1
USN-7722-2
USN-7724-1
USN-7725-1
USN-7725-2
USN-7725-3
USN-7726-1
USN-7726-2
USN-7726-3
USN-7726-4
USN-7726-5
USN-7754-1
USN-7754-2
USN-7755-1
USN-7755-2
USN-7755-3
USN-7770-1
USN-7776-1
USN-7779-1
USN-7802-1
USN-7809-1
USN-7819-1
USN-7819-2
USN-7820-1
USN-7832-1
USN-7875-1
ZDI-25-651

Affected Products

Almalinux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu