PT-2025-35957 · Linux +1 · Linux Kernel +1
Shuang · Published 2025-09-04 · Updated 2025-09-04
CVE-2025-38684
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
**Name of the Vulnerable Software and Affected Versions:**
Linux kernel versions prior to 6.12.0-116.el10.x86_64
**Description:**
A flaw was discovered in the Linux kernel's `sch_ets` module in the handling of queue bands while purging unused classes. Specifically, the code used an outdated value of `nbands` when cleaning up DWRR queues, leading to a potential NULL pointer dereference. The issue was identified through a test case and was triggered by the recent qdisc length accounting fixes.
**Recommendations:**
Update the Linux kernel to version 6.12.0-116.el10.x86_64 or later to address this issue.
Related Identifiers
CVE-2025-38684
Affected Products
Debian
Linux Kernel
References · 14
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38684 · Security Note
- https://security-tracker.debian.org/tracker/source-package/linux · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-38684 · Security Note
- https://security-tracker.debian.org/tracker/CVE-2025-38684 · Vendor Advisory
- https://git.kernel.org/stable/c/84a24fb446ee07b22b64aae6f0e3f4a38266310a · Note
- https://git.kernel.org/stable/c/5b3b346bc4c2aa2c428735438a11989d251f32f1 · Note
- https://git.kernel.org/stable/c/970c1c731c4ede46d05f5b0355724d1e400cfbca · Note
- https://twitter.com/CVEnew/status/1963644658271068161 · Twitter Post
- https://git.kernel.org/stable/c/d69f4a258cd91b3bcef7089eb0401005aae2aed5 · Note
- https://git.kernel.org/stable/c/bdfddcde86e8b9245d9c0c2efe2b6fe8dcf6bf41 · Note
- https://git.kernel.org/stable/c/be9692dafdfb36d9c43afd9d4e1d9d9ba8e7b51b · Note
- https://packages.debian.org/src:linux · Note
- https://git.kernel.org/stable/c/97ec167cd2e8a81a2d87331a2ed92daf007542c8 · Note
- https://git.kernel.org/stable/c/87c6efc5ce9c126ae4a781bc04504b83780e3650 · Note