{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T13:21:24.741","vulnerabilities":[{"cve":{"id":"CVE-2025-38637","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-04-18T07:15:43.823","lastModified":"2025-11-06T21:35:04.217","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: skbprio: Remove overly strict queue assertions\n\nIn the current implementation, skbprio enqueue/dequeue contains an assertion\nthat fails under certain conditions when SKBPRIO is used as a child qdisc under\nTBF with specific parameters. The failure occurs because TBF sometimes peeks at\npackets in the child qdisc without actually dequeuing them when tokens are\nunavailable.\n\nThis peek operation creates a discrepancy between the parent and child qdisc\nqueue length counters. When TBF later receives a high-priority packet,\nSKBPRIO's queue length may show a different value than what's reflected in its\ninternal priority queue tracking, triggering the assertion.\n\nThe fix removes this overly strict assertions in SKBPRIO, they are not\nnecessary at all."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net_sched: skbprio: eliminar aserciones de cola demasiado estrictas En la implementación actual, skbprio enqueue/dequeue contiene una aserción que falla bajo ciertas condiciones cuando SKBPRIO se usa como una qdisc secundaria bajo TBF con parámetros específicos. El fallo se produce porque TBF a veces echa un vistazo a los paquetes en la qdisc secundaria sin realmente sacarlos de la cola cuando los tokens no están disponibles. Esta operación de vistazo crea una discrepancia entre los contadores de longitud de cola de la qdisc primaria y secundaria. Cuando TBF recibe posteriormente un paquete de alta prioridad, la longitud de cola de SKBPRIO puede mostrar un valor diferente al que se refleja en su seguimiento interno de cola de prioridad, lo que activa la aserción. La corrección elimina estas aserciones demasiado estrictas en SKBPRIO, no son necesarias en absoluto."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.4.292","matchCriteriaId":"CD7A1C50-14CD-4ED8-A1DD-9CF78AEE7555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.236","matchCriteriaId":"1DF46FB0-9163-4ABE-8CCA-32A497D4715B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.180","matchCriteriaId":"D19801C8-3D18-405D-9989-E6C9B30255FA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.134","matchCriteriaId":"3985DEC3-0437-4177-BC42-314AB575285A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.87","matchCriteriaId":"EFF24260-49B1-4251-9477-C564CFDAD25B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.23","matchCriteriaId":"26CAB76D-F00F-43CE-BEAD-7097F8FB1D6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.13.11","matchCriteriaId":"E7E864B0-8C00-4679-BA55-659B4C9C3AD3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.14.2","matchCriteriaId":"FADAE5D8-4808-442C-B218-77B2CE8780A0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/034b293bf17c124fec0f0e663f81203b00aa7a50","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1284733bab736e598341f1d3f3b94e2a322864a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1dcc144c322a8d526b791135604c0663f1af9d85","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2286770b07cb5268c03d11274b8efd43dff0d380","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2f35b7673a3aa3d09b3eb05811669622ebaa98ca","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/32ee79682315e6d3c99947b3f38b078a09a66919","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7abc8318ce0712182bf0783dcfdd9a6a8331160e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/864ca690ff135078d374bd565b9872f161c614bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce8fe975fd99b49c29c42e50f2441ba53112b2e8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}