{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T02:27:45.071","vulnerabilities":[{"cve":{"id":"CVE-2025-38107","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-07-03T09:15:24.273","lastModified":"2025-12-16T17:02:47.397","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: ets: fix a race in ets_qdisc_change()\n\nGerrard Tai reported a race condition in ETS, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0                                 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n |                                    [5]: lock root\n |                                    [6]: rehash\n |                                    [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent's qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net_sched: ets: corrige una ejecución en ets_qdisc_change() Gerrard Tai informó de una condición de ejecución en ETS, siempre que el temporizador de perturbación SFQ se dispara en el momento equivocado. La ejecución es la siguiente: CPU 0 CPU 1 [1]: raíz de bloqueo [2]: qdisc_tree_flush_backlog() [3]: raíz de desbloqueo | | [5]: raíz de bloqueo | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() Esto se puede abusar para desbordar el qlen de un padre. Llamar a qdisc_purge_queue() en lugar de qdisc_tree_flush_backlog() debería corregir la ejecución, porque todos los paquetes se purgarán del qdisc antes de liberar el bloqueo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.213","versionEndExcluding":"5.5","matchCriteriaId":"3F878731-43F1-4A9E-A036-18BFE499C6E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.142","versionEndExcluding":"5.10.239","matchCriteriaId":"4FAD8C22-DA06-4F79-A8D2-AB1B56A900B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.66","versionEndExcluding":"5.15.186","matchCriteriaId":"BE850A17-AC1C-491E-B3A5-ED09E1EAEE85"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19.8","versionEndExcluding":"6.0","matchCriteriaId":"57133CA5-FEDB-4D53-B672-E46C2DC0AC5F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.1","versionEndExcluding":"6.1.142","matchCriteriaId":"8A78062F-0E12-479D-872D-6FA9134EBCAE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.94","matchCriteriaId":"304E3F01-7D7A-4908-994E-7F95C5C00B06"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.34","matchCriteriaId":"4FFA54AA-CDFE-4591-BD07-72813D0948F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.15.3","matchCriteriaId":"0541C761-BD5E-4C1A-8432-83B375D7EB92"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.0:-:*:*:*:*:*:*","matchCriteriaId":"7BE551E5-89CF-47A8-9B26-03CE727FBA37"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:*","matchCriteriaId":"F8446E87-F5F6-41CA-8201-BAE0F0CA6DD9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.0:rc5:*:*:*:*:*:*","matchCriteriaId":"8E5FB72F-67CE-43CC-83FE-541604D98182"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.0:rc6:*:*:*:*:*:*","matchCriteriaId":"3A0A7397-F5F8-4753-82DC-9A11288E696D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.0:rc7:*:*:*:*:*:*","matchCriteriaId":"E6DE049A-ABA8-41DD-988C-8C088358EE9B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*","matchCriteriaId":"6D4894DB-CCFE-4602-B1BF-3960B2E19A01"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0383b25488a545be168744336847549d4a2d3d6c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/073f64c03516bcfaf790f8edc772e0cfb8a84ec3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0b479d0aa488cb478eb2e1d8868be946ac8afb4f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/347867cb424edae5fec1622712c8dd0a2c42918f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d92adacdd8c2960be856e0b82acc5b7c5395fddb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eb7b74e9754e1ba2088f914ad1f57a778b11894b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fed94bd51d62d2e0e006aa61480e94e5cd0582b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}