PT-2025-6938 · Linux+9 · Linux Kernel+9

Quang Le

·

Published

2025-02-03

·

Updated

2026-01-14

·

CVE-2025-21702

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the pfifo tail enqueue function in the Linux kernel. When sch->limit == 0 and pfifo tail enqueue is triggered on a scheduler with no packets, the function will not drop a packet and will instead increase the scheduler's qlen by one, returning a NET XMIT CN status code. This can lead to a situation where the parent's qlen does not equal the sum of its children's qlen, violating the design. The problem can be exploited for user-to-kernel privilege escalation when reachable.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-440CWE-438

Related Identifiers

ALSA-2025:20095
ALSA-2025:20518
BDU:2025-02167
CVE-2025-21702
DLA-4178-1
DLA-4193-1
DSA-5900-1
ECHO-D62A-03F6-0840
INFSA-2025_20518
OESA-2025-1282
OESA-2025-1869
OESA-2025-1874
OESA-2025-1963
OESA-2025-1964
RHSA-2025:20095
RHSA-2025:20518
RHSA-2025_20518
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:01972-1
SUSE-SU-2025:01983-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:02099-1
SUSE-SU-2025:02264-1
SUSE-SU-2025:02308-1
SUSE-SU-2025:02320-1
SUSE-SU-2025:02321-1
SUSE-SU-2025:02322-1
SUSE-SU-2025:02537-1
SUSE-SU-2025:02601-1
SUSE-SU-2025:02602-1
SUSE-SU-2025:02604-1
SUSE-SU-2025:02606-1
SUSE-SU-2025:02607-1
SUSE-SU-2025:02608-1
SUSE-SU-2025:02610-1
SUSE-SU-2025:02611-1
SUSE-SU-2025:02618-1
SUSE-SU-2025:02619-1
SUSE-SU-2025:02627-1
SUSE-SU-2025:02632-1
SUSE-SU-2025:02636-1
SUSE-SU-2025:02637-1
SUSE-SU-2025:02638-1
SUSE-SU-2025:02647-1
SUSE-SU-2025:02648-1
SUSE-SU-2025:02652-1
SUSE-SU-2025:02673-1
SUSE-SU-2025:02676-1
SUSE-SU-2025:02687-1
SUSE-SU-2025:02688-1
SUSE-SU-2025:02689-1
SUSE-SU-2025:02691-1
SUSE-SU-2025:02693-1
SUSE-SU-2025:02697-1
SUSE-SU-2025:02698-1
SUSE-SU-2025:02704-1
SUSE-SU-2025:02708-1
SUSE-SU-2025:02710-1
SUSE-SU-2025:02858-1
SUSE-SU-2025:02942-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025:20568-1
SUSE-SU-2025:20569-1
SUSE-SU-2025:20570-1
SUSE-SU-2025:20572-1
SUSE-SU-2025:20573-1
SUSE-SU-2025:20574-1
SUSE-SU-2025:20575-1
SUSE-SU-2025:20576-1
SUSE-SU-2025:20578-1
SUSE-SU-2025:20579-1
SUSE-SU-2025:20580-1
SUSE-SU-2025:20581-1
SUSE-SU-2025:20582-1
SUSE-SU-2025:20583-1
SUSE-SU-2025:20584-1
SUSE-SU-2025:20610-1
SUSE-SU-2025:20611-1
SUSE-SU-2025:20612-1
SUSE-SU-2025:20613-1
SUSE-SU-2025:20614-1
SUSE-SU-2025:20615-1
SUSE-SU-2025:20616-1
SUSE-SU-2025:20620-1
SUSE-SU-2025:20621-1
SUSE-SU-2025:20622-1
SUSE-SU-2025:20623-1
SUSE-SU-2025:20624-1
SUSE-SU-2025:20625-1
SUSE-SU-2025:2264-1
SUSE-SU-2025:4123-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_01972-1
SUSE-SU-2025_01983-1
SUSE-SU-2025_02000-1
SUSE-SU-2025_02099-1
SUSE-SU-2025_02264-1
SUSE-SU-2025_02308-1
SUSE-SU-2025_02537-1
USN-7428-1
USN-7428-2
USN-7429-1
USN-7429-2
USN-7445-1
USN-7448-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7455-1
USN-7455-2
USN-7455-3
USN-7455-4
USN-7455-5
USN-7459-1
USN-7459-2
USN-7460-1
USN-7461-1
USN-7461-2
USN-7461-3
USN-7462-1
USN-7462-2
USN-7463-1
USN-7468-1
USN-7475-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu