Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-37797
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-02 May, 2025 | 14:16
Updated At-03 Nov, 2025 | 19:55
Rejected At-
▼CVE Numbering Authority (CNA)
net_sched: hfsc: Fix a UAF vulnerability in class handling

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs like netem or codel. The vulnerability works as follows: 1. hfsc_change_class() checks if a class has packets (q.qlen != 0) 2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g., codel, netem) might drop packets and empty the queue 3. The code continues assuming the queue is still non-empty, adding the class to vttree 4. This breaks HFSC scheduler assumptions that only non-empty classes are in vttree 5. Later, when the class is destroyed, this can lead to a Use-After-Free The fix adds a second queue length check after qdisc_peek_len() to verify the queue wasn't emptied.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/sched/sch_hfsc.c
Default Status
unaffected
Versions
Affected
  • From 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14 before 28b09a067831f7317c3841812276022d6c940677 (git)
  • From 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14 before 39b9095dd3b55d9b2743df038c32138efa34a9de (git)
  • From 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14 before fcc8ede663569c704fb00a702973bd6c00373283 (git)
  • From 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14 before 20d584a33e480ae80d105f43e0e7b56784da41b9 (git)
  • From 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14 before 3aa852e3605000d5c47035c3fc3a986d14ccfa9f (git)
  • From 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14 before 86cd4641c713455a4f1c8e54c370c598c2b1cee0 (git)
  • From 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14 before bb583c88d23b72d8d16453d24856c99bd93dadf5 (git)
  • From 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14 before 3df275ef0a6ae181e8428a6589ef5d5231e58b5c (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/sched/sch_hfsc.c
Default Status
affected
Versions
Affected
  • 4.14
Unaffected
  • From 0 before 4.14 (semver)
  • From 5.4.293 through 5.4.* (semver)
  • From 5.10.237 through 5.10.* (semver)
  • From 5.15.181 through 5.15.* (semver)
  • From 6.1.136 through 6.1.* (semver)
  • From 6.6.89 through 6.6.* (semver)
  • From 6.12.26 through 6.12.* (semver)
  • From 6.14.5 through 6.14.* (semver)
  • From 6.15 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/28b09a067831f7317c3841812276022d6c940677
N/A
https://git.kernel.org/stable/c/39b9095dd3b55d9b2743df038c32138efa34a9de
N/A
https://git.kernel.org/stable/c/fcc8ede663569c704fb00a702973bd6c00373283
N/A
https://git.kernel.org/stable/c/20d584a33e480ae80d105f43e0e7b56784da41b9
N/A
https://git.kernel.org/stable/c/3aa852e3605000d5c47035c3fc3a986d14ccfa9f
N/A
https://git.kernel.org/stable/c/86cd4641c713455a4f1c8e54c370c598c2b1cee0
N/A
https://git.kernel.org/stable/c/bb583c88d23b72d8d16453d24856c99bd93dadf5
N/A
https://git.kernel.org/stable/c/3df275ef0a6ae181e8428a6589ef5d5231e58b5c
N/A
Hyperlink: https://git.kernel.org/stable/c/28b09a067831f7317c3841812276022d6c940677
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/39b9095dd3b55d9b2743df038c32138efa34a9de
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/fcc8ede663569c704fb00a702973bd6c00373283
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/20d584a33e480ae80d105f43e0e7b56784da41b9
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/3aa852e3605000d5c47035c3fc3a986d14ccfa9f
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/86cd4641c713455a4f1c8e54c370c598c2b1cee0
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/bb583c88d23b72d8d16453d24856c99bd93dadf5
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/3df275ef0a6ae181e8428a6589ef5d5231e58b5c
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
N/A
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Resource: N/A
Details not found