CVE-2025-39766

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the Linux kernel's networking scheduler related to the cake queuing discipline. Specifically, cake enqueue does not return NET XMIT CN when packets are dropped due to exceeding the buffer limit. This can lead to a WARNING in htb activate when an empty child queue is encountered. The issue is triggered by a low memlimit setting, causing packet dropping, while cake enqueue incorrectly returns NET XMIT SUCCESS.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-252

Related Identifiers

ALSA-2026:8921

ALSA-2026:9264

AZL-67232

AZL-73962

BDU:2025-15696

CVE-2025-39766

DLA-4327-1

DLA-4328-1

DSA-6008-1

DSA-6009-1

ECHO-D0E6-D695-2637

OPENSUSE-SU-2025:20081-1

RHSA-2026:19568

RHSA-2026:19569

RHSA-2026:8921

RHSA-2026:9264

SUSE-SU-2025:03600-1

SUSE-SU-2025:03601-1

SUSE-SU-2025:03633-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025:3725-1

SUSE-SU-2025:3751-1

USN-7909-1

USN-7909-2

USN-7909-3

USN-7909-4

USN-7909-5

USN-7910-1

USN-7910-2

USN-7933-1

USN-7938-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Debian

Linuxmint

Linux Kernel

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2025-39766

Weakness Enumeration

Related Identifiers

Affected Products

References · 3055