Vulnerability Details :

CVE-2025-21703

Summary
Assigner: Linux
Assigner Org ID: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 18 Feb, 2025 | 14:37
Updated At: 04 May, 2025 | 07:19

netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()

In the Linux kernel, the following vulnerability has been resolved:

netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()

qdisc_tree_reduce_backlog() notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc before calling it. Otherwise it would miss the opportunity to call cops->qlen_notify(). In the case of DRR, it resulted in a UAF since DRR uses ->qlen_notify() to maintain its active list.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)
Affected Products
Vendor: Linux Kernel Organization, Inc (Linux)
Product: Linux
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/sched/sch_netem.c
Default Status: unaffected
Versions
Affected
  • From 83c6ab12f08dcc09d4c5ac86fdb89736b28f1d31 before e395fec75ac2dbffc99b4bce57b7f1f3c5449f2c (git)
  • From 216509dda290f6db92c816dd54b83c1df9da9e76 before 7f31d74fcc556a9166b1bb20515542de7bb939d1 (git)
  • From c2047b0e216c8edce227d7c42f99ac2877dad0e4 before 98a2c685293aae122f688cde11d9334dddc5d207 (git)
  • From 10df49cfca73dfbbdb6c4150d859f7e8926ae427 before 7b79ca9a1de6a428d486ff52fb3d602321c08f55 (git)
  • From 3824c5fad18eeb7abe0c4fc966f29959552dca3e before 1f8e3f4a4b8b90ad274dfbc66fc7d55cb582f4d5 (git)
  • From 356078a5c55ec8d2061fcc009fb8599f5b0527f9 before 6312555249082d6d8cc5321ff725df05482d8b83 (git)
  • From f8d4bc455047cf3903cd6f85f49978987dbb3027 before 839ecc583fa00fab785fde1c85a326743657fd32 (git)
  • From f8d4bc455047cf3903cd6f85f49978987dbb3027 before 638ba5089324796c2ee49af10427459c2de35f71 (git)
Vendor: Linux Kernel Organization, Inc (Linux)
Product: Linux
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/sched/sch_netem.c
Default Status: affected
Versions
Affected
  • 6.13
Unaffected
  • From 0 before 6.13 (semver)
  • From 5.4.291 through 5.4.* (semver)
  • From 5.10.235 through 5.10.* (semver)
  • From 5.15.179 through 5.15.* (semver)
  • From 6.1.129 through 6.1.* (semver)
  • From 6.6.78 through 6.6.* (semver)
  • From 6.12.14 through 6.12.* (semver)
  • From 6.13.3 through 6.13.* (semver)
  • From 6.14 through * (original_commit_for_fix)
References
Hyperlink: https://git.kernel.org/stable/c/e395fec75ac2dbffc99b4bce57b7f1f3c5449f2c
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/7f31d74fcc556a9166b1bb20515542de7bb939d1
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/98a2c685293aae122f688cde11d9334dddc5d207
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/7b79ca9a1de6a428d486ff52fb3d602321c08f55
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/1f8e3f4a4b8b90ad274dfbc66fc7d55cb582f4d5
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/6312555249082d6d8cc5321ff725df05482d8b83
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/839ecc583fa00fab785fde1c85a326743657fd32
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/638ba5089324796c2ee49af10427459c2de35f71
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Problem Types
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 18 Feb, 2025 | 15:15
Updated At: 24 Mar, 2025 | 17:38

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Vendor: Linux Kernel Organization, Inc (linux); product: linux_kernel
  • Versions from 5.4.288 (inclusive) to 5.4.291 (exclusive): cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Versions from 5.10.232 (inclusive) to 5.10.235 (exclusive): cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Versions from 5.15.175 (inclusive) to 5.15.179 (exclusive): cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Versions from 6.1.121 (inclusive) to 6.1.129 (exclusive): cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Versions from 6.6.67 (inclusive) to 6.6.78 (exclusive): cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Versions from 6.12.6 (inclusive) to 6.12.14 (exclusive): cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Versions from 6.13 (inclusive) to 6.13.3 (exclusive): cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • 6.14: cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-416
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
References
Hyperlink: https://git.kernel.org/stable/c/1f8e3f4a4b8b90ad274dfbc66fc7d55cb582f4d5
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/6312555249082d6d8cc5321ff725df05482d8b83
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/638ba5089324796c2ee49af10427459c2de35f71
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/7b79ca9a1de6a428d486ff52fb3d602321c08f55
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/7f31d74fcc556a9166b1bb20515542de7bb939d1
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/839ecc583fa00fab785fde1c85a326743657fd32
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/98a2c685293aae122f688cde11d9334dddc5d207
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/e395fec75ac2dbffc99b4bce57b7f1f3c5449f2c
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
