TopVuln

High-risk vulnerability digests

CVE-2025-37797

  • HIGH

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Details

CVSS v3
7.8
NVD published
2025-05-02 15:15:48
EPSS
<0.1% probability · 24.1th percentile — 2026-04-22
Affected versions
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:4.14:-:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:4.14:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:4.14:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:4.14:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:4.14:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:4.14:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:4.14:rc7:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:4.14:rc8:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Summary
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs like netem or codel. The vulnerability works as follows: 1. hfsc_change_class() checks if a class has packets (q.qlen != 0) 2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g., codel, netem) might drop packets and empty the queue 3. The code continues assuming the queue is still non-empty, adding the class to vttree 4. This breaks HFSC scheduler assumptions that only non-empty classes are in vttree 5. Later, when the class is destroyed, this can lead to a Use-After-Free The fix adds a second queue length check after qdisc_peek_len() to verify the queue wasn't emptied.
Remediation
Not available in our cache.
Exploit info
Not available in our cache.

View on NVD

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.