CVE-2025-38477
Description
In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_qfq: Fix race condition on qfq_aggregate

A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a NULL dereference, and qfq_delete_class may cause a use-after-free.

This patch addresses the issue by:

1. Moved qfq_destroy_class into the critical section.
2. Added sch_tree_lock protection to qfq_dump_class and qfq_dump_class_stats.
Mitigations
No mitigations published for this CVE yet.
OS impact
Linux kernel Affected 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 6.16 | Affected | - |
| - | Affected | 5.4.297 |
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
Debian Mixed 6 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.12.41-1 |
| sid | Fixed | 6.16.3-1 |
| forky | Fixed | 6.16.3-1 |
| bullseye | Fixed | 5.10.244-1 |
| bookworm | Fixed | 6.1.147-1 |
| 11.0 | Affected | - |
Red Hat Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | - |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | - |
References
- https://git.kernel.org/stable/c/466e10194ab81caa2ee6a332d33ba16bcceeeba6
- https://git.kernel.org/stable/c/5e28d5a3f774f118896aec17a3a20a9c5c9dfc64
- https://git.kernel.org/stable/c/a6d735100f602c830c16d69fb6d780eebd8c9ae1
- https://git.kernel.org/stable/c/aa7a22c4d678bf649fd3a1d27debec583563414d
- https://git.kernel.org/stable/c/c000a3a330d97f6c073ace5aa5faf94b9adb4b79
- https://git.kernel.org/stable/c/c6df794000147a3a02f79984aada4ce83f8d0a1e
- https://git.kernel.org/stable/c/d841aa5518508ab195b6781ad0d73ee378d713dd
- https://git.kernel.org/stable/c/fbe48f06e64134dfeafa89ad23387f66ebca3527
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
- https://errata.rockylinux.org/RLSA-2025:15008
- https://www.suse.com/security/cve/CVE-2025-38477.html
- https://security-tracker.debian.org/tracker/CVE-2025-38477
- https://access.redhat.com/errata/RHSA-2025:15008
- https://bugzilla.redhat.com/2376406
- https://bugzilla.redhat.com/2379246
- https://bugzilla.redhat.com/2383509
- https://bugzilla.redhat.com/2383922
- https://errata.almalinux.org/8/ALSA-2025-15008.html
CWEs
CWE-362