PT-2025-33767 · Linux+6 · Linux Kernel+6

Published: 2025-08-05 · Updated: 2026-04-20 · CVE-2025-38568
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A stack out-of-bounds write issue exists in the tc entry parsing within the mqprio module of the Linux kernel. The TCA_MQPRIO_TC_ENTRY_INDEX attribute is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), allowing a value of TC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds write in the fp[] array, which has a capacity of 16 elements (0–15).
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
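Added example (a user-space model written for this entry, not kernel code and not taken from the advisory): it parses a u32 attribute and applies an inclusive maximum, the way NLA_POLICY_MAX treats its bound, to show which accepted indexes fall outside a 16-element array. The attribute type id, the function names and the comparison bound of TC_QOPT_MAX_QUEUE - 1 (the largest valid fp[] index) are assumptions made for illustration.

```c
/* User-space model of the index check described above; not kernel code. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define TC_QOPT_MAX_QUEUE 16          /* value stated in the description */
#define FP_CAPACITY TC_QOPT_MAX_QUEUE /* fp[] holds elements 0..15 */

/* Simplified attribute header: total length, then type, then payload. */
struct attr_hdr { uint16_t len; uint16_t type; };

enum verdict { REJECTED_MALFORMED, REJECTED_BY_POLICY,
               ACCEPTED_IN_BOUNDS, ACCEPTED_OUT_OF_BOUNDS };

/* Parse one u32 attribute and apply an inclusive upper bound. */
enum verdict check_index(const uint8_t *buf, size_t buflen, uint32_t policy_max)
{
    struct attr_hdr hdr;
    uint32_t index;
    if (buflen < sizeof(hdr))
        return REJECTED_MALFORMED;
    memcpy(&hdr, buf, sizeof(hdr));
    if (hdr.len != sizeof(hdr) + sizeof(index) || hdr.len > buflen)
        return REJECTED_MALFORMED;
    memcpy(&index, buf + sizeof(hdr), sizeof(index));

    if (index > policy_max)           /* inclusive: index == policy_max passes */
        return REJECTED_BY_POLICY;
    return index < FP_CAPACITY ? ACCEPTED_IN_BOUNDS : ACCEPTED_OUT_OF_BOUNDS;
}

/* Build a constructed sample attribute carrying `index`. */
size_t build_attr(uint8_t *buf, uint32_t index)
{
    struct attr_hdr hdr = { (uint16_t)(sizeof(struct attr_hdr) + sizeof(index)),
                            1 /* hypothetical type id */ };
    memcpy(buf, &hdr, sizeof(hdr));
    memcpy(buf + sizeof(hdr), &index, sizeof(index));
    return hdr.len;
}

/* Sweep indexes 0..32 and count those a bound admits but fp[] cannot hold. */
unsigned count_escapes(uint32_t policy_max)
{
    uint8_t buf[8];
    unsigned escapes = 0;
    for (uint32_t i = 0; i <= 32; i++)
        if (check_index(buf, build_attr(buf, i), policy_max) == ACCEPTED_OUT_OF_BOUNDS)
            escapes++;
    return escapes;
}
```

With the bound set to TC_QOPT_MAX_QUEUE exactly one index (16) is accepted yet lies past the array; with TC_QOPT_MAX_QUEUE - 1 none is.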

Exploit

Improper Validation of Array Index

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2026:1617
ALSA-2026:1690
AZL-66503
BDU:2025-15801
CVE-2025-38568
MGASA-2025-0234
MGASA-2025-0235
OPENSUSE-SU-2025:20081-1
RHSA-2026:1617
RHSA-2026:1690
RHSA-2026:1727
RHSA-2026:2352
RHSA-2026:2594
SUSE-SU-2025:03272-1
SUSE-SU-2025:03290-1
SUSE-SU-2025:03301-1
SUSE-SU-2025:03382-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20653-1
SUSE-SU-2025:20669-1
SUSE-SU-2025:20739-1
SUSE-SU-2025:20756-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_03272-1
SUSE-SU-2025_03290-1
SUSE-SU-2025_03301-1
SUSE-SU-2025_03382-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7934-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Rocky Linux
Suse
Ubuntu