CVE-2025-38177

{"id": "CVE-2025-38177", "cveTags": [], "metrics": {}, "published": "2025-07-04T13:15:24.033", "references": [{"url": "https://git.kernel.org/stable/c/0475c85426b18eccdcb7f9fb58d8f8e9c6c58c87", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/51eb3b65544c9efd6a1026889ee5fb5aa62da3bb", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/72c61ffbeeb8c50f6d4d70c65d3283aa1bac57a7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9030a91235ae4845ec71902c3e0cecfc9ed1f2df", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9a5fd5c2f4d4afdd5e405083ee53e0789ce76956", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a5efc95a33bd4fcb879250852828cc58c7862970", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c1175c4ad01dbc9c979d099861fa90a754f72059", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d06476714d2819b550e0cc39222347e2c8941c9d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_hfsc: make hfsc_qlen_notify() idempotent\n\nhfsc_qlen_notify() is not idempotent either and not friendly\nto its callers, like fq_codel_dequeue(). Let's make it idempotent\nto ease qdisc_tree_reduce_backlog() callers' life:\n\n1. update_vf() decreases cl->cl_nactive, so we can check whether it is\nnon-zero before calling it.\n\n2. eltree_remove() always removes RB node cl->el_node, but we can use\n RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sch_hfsc: hace que hfsc_qlen_notify() sea idempotente. hfsc_qlen_notify() tampoco es idempotente y no es compatible con quienes lo llaman, como fq_codel_dequeue(). Vamos a convertirlo en idempotente para simplificar la tarea de quienes llaman a qdisc_tree_reduce_backlog(): 1. update_vf() reduce cl->cl_nactive, lo que permite comprobar si es distinto de cero antes de llamarlo. 2. eltree_remove() siempre elimina el nodo RB cl->el_node, pero podemos usar RB_EMPTY_NODE() + RB_CLEAR_NODE() para hacerlo seguro."}], "lastModified": "2025-11-03T20:18:46.777", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}