PT-2025-33708 · Linux+5 · Linux Kernel+5
Willsroot · Published 2025-01-01 · Updated 2026-04-20 · CVE-2025-38553
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A flaw exists in the Linux kernel's net/sched subsystem related to the handling of netem (network emulator) queuing disciplines (qdiscs). The duplication prevention logic within netem_enqueue fails when a netem instance resides within a qdisc tree alongside other netem instances. This can lead to a soft lockup and an out-of-memory (OOM) loop during netem_dequeue. The issue arises from the potential for duplicated netem instances to exist within the same qdisc tree. Previous attempts to address this included tracking duplication status in the sk_buff structure, restricting recursion depth, and using metadata in netem_skb_cb, but these were deemed either too specific, bypassable, or overly complex. The current solution prevents a duplicating netem from existing in the same tree as other netems.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
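As an added example (not part of the advisory or the kernel fix), the following Python audit reads `tc qdisc show` output and flags devices where a duplicating netem shares a qdisc tree with another netem, which is the condition the description names. It assumes one qdisc tree per device and that tc prints a `duplicate N%` field for netem; the sample lines and the `audit` function name are constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# Constructed sample of `tc qdisc show` output (not captured from a real host).
SAMPLE = """\
qdisc netem 1: dev veth0 root refcnt 2 limit 1000 delay 10ms duplicate 100%
qdisc netem 2: dev veth0 parent 1:1 limit 1000 duplicate 100%
qdisc netem 8001: dev eth1 root refcnt 2 limit 1000 delay 50ms duplicate 5%
qdisc prio 1: dev eth2 root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc netem 10: dev eth2 parent 1:1 limit 1000 delay 20ms
qdisc netem 20: dev eth2 parent 1:2 limit 1000 loss 1%
qdisc fq_codel 0: dev eth3 root refcnt 2 limit 10240p flows 1024
"""

# qdisc <kind> <handle> dev <device> <remaining options>
LINE = re.compile(r"^qdisc\s+(\S+)\s+(\S+)\s+dev\s+(\S+)\s+(.*)$")
DUP = re.compile(r"\bduplicate\s+(\d+(?:\.\d+)?)%")


def audit(tc_output):
    """Return {device: [handles of duplicating netems]} for trees that
    combine a duplicating netem with at least one other netem."""
    netems = defaultdict(list)  # device -> [(handle, duplicates?)]
    for line in tc_output.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(1) != "netem":
            continue
        _, handle, dev, rest = m.groups()
        d = DUP.search(rest)
        netems[dev].append((handle, bool(d) and float(d.group(1)) > 0))

    risky = {}
    for dev, entries in netems.items():
        dups = [h for h, is_dup in entries if is_dup]
        # A lone duplicating netem is allowed; the problem is coexistence.
        if dups and len(entries) > 1:
            risky[dev] = dups
    return risky


if __name__ == "__main__":
    # Pipe real `tc qdisc show` output on stdin, or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for dev, handles in audit(text).items():
        print(f"{dev}: duplicating netem {', '.join(handles)} "
              "shares a qdisc tree with other netems")
```

Grouping by device is a simplification of walking the tree from the root qdisc, so treat a hit as a prompt to inspect that device's hierarchy.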
Exploit
DoS
Uncontrolled Recursion
Improper Locking
Related Identifiers
Affected Products
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu