PT-2025-52253 · Linux+3 · Linux Kernel+3

Published

2025-11-27

·

Updated

2026-05-11

·

CVE-2025-68325

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An issue exists in the Linux kernel’s sch cake scheduler related to incorrect queue length (qlen) reduction within the cake drop() function. The problem arises because cake enqueue() assumes the parent qdisc will enqueue a packet, but this assumption fails when cake enqueue() returns NET XMIT CN, leading to inconsistent qlen/backlog accounting and potentially a NULL dereference, such as when the parent Qdisc is qfq qdisc. The patch addresses this by calculating the qlen/backlog delta more robustly, observing the difference before and after cake drop() calls, and compensating the qdisc tree accounting if cake enqueue() returns NET XMIT CN. A new variable is introduced to maintain qlen consistency when ACK thinning is enabled.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2026-02930
CVE-2025-68325
ECHO-F92D-F62D-FE64
OPENSUSE-SU-2025:15836-1
OPENSUSE-SU-2026:10301-1
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8094-1
USN-8094-2
USN-8094-3
USN-8094-4
USN-8094-5
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8116-1
USN-8141-1
USN-8152-1
USN-8163-1
USN-8163-2
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8184-1
USN-8185-1
USN-8185-2
USN-8203-1
USN-8204-1
USN-8243-1
USN-8258-1
USN-8260-1
USN-8261-1
USN-8265-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu