Acknowledged
Created: Oct 29, 2025
Updated: Nov 4, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]net/sched: sch_qfq: Fix null-deref in agg_dequeue[EOL][EOL]To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c)[EOL]when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return[EOL]value before using it, similar to the existing approach in sch_hfsc.c.[EOL][EOL]To avoid code duplication, the following changes are made:[EOL][EOL]1. Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static[EOL]inline function.[EOL][EOL]2. Moved qdisc_peek_len from net/sched/sch_hfsc.c to[EOL]include/net/pkt_sched.h so that sch_qfq can reuse it.[EOL][EOL]3. Applied qdisc_peek_len in agg_dequeue to avoid crashing.
