Wind River Support Network

HomeDefectsLIN1022-16303
Acknowledged

LIN1022-16303 : Security Advisory - linux - CVE-2025-38107

Created: Jul 3, 2025    Updated: Jul 8, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]net_sched: ets: fix a race in ets_qdisc_change()[EOL][EOL]Gerrard Tai reported a race condition in ETS, whenever SFQ perturb timer[EOL]fires at the wrong time.[EOL][EOL]The race is as follows:[EOL][EOL]CPU 0                                 CPU 1[EOL][1]: lock root[EOL][2]: qdisc_tree_flush_backlog()[EOL][3]: unlock root[EOL]  ([EOL) |                                    5]: lock root[EOL]  (                                    [6): rehashEOL]  (                                    [7): qdisc_tree_reduce_backlog()EOL]  ([EOL)4]: qdisc_put()[EOL][EOL]This can be abused to underflow a parent's qlen.[EOL][EOL]Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()[EOL]should fix the race, because all packets will be purged from the qdisc[EOL]before releasing the lock.

CREATE(Triage):(User=lchen-cn) [CVE-2025-38107 (https://nvd.nist.gov/vuln/detail/CVE-2025-38107)
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube