Wind River Support Network

HomeDefectsLIN1024-10013
Acknowledged

LIN1024-10013 : Security Advisory - linux - CVE-2025-38083

Created: Jun 23, 2025    Updated: Jun 26, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]net_sched: prio: fix a race in prio_tune()[EOL][EOL]Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer[EOL]fires at the wrong time.[EOL][EOL]The race is as follows:[EOL][EOL]CPU 0                                 CPU 1[EOL][1]: lock root[EOL][2]: qdisc_tree_flush_backlog()[EOL][3]: unlock root[EOL]  ([EOL) |                                    5]: lock root[EOL]  (                                    [6): rehashEOL]  (                                    [7): qdisc_tree_reduce_backlog()EOL]  ([EOL)4]: qdisc_put()[EOL][EOL]This can be abused to underflow a parent's qlen.[EOL][EOL]Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()[EOL]should fix the race, because all packets will be purged from the qdisc[EOL]before releasing the lock.

CREATE(Triage):(User=admin) [CVE-2025-38083 (https://nvd.nist.gov/vuln/detail/CVE-2025-38083)
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube