PT-2025-35957 · Linux+8 · Linux Kernel+8
Shuang · Published 2025-08-12 · Updated 2026-05-26 · CVE-2025-38684
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.12.0-116.el10.x86_64
Description
A flaw was discovered in the Linux kernel's sch_ets module in the handling of queue bands while purging unused classes. The code used an outdated value of nbands when cleaning up DWRR queues, which could lead to a NULL pointer dereference. The issue was identified through a test case and was triggered by the recent qdisc length accounting fixes.
Recommendations
Update the Linux kernel to version 6.12.0-116.el10.x86_64 or later to address this issue.
Exploit
Fix
DoS
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu