CVE-2025-38477

{"id": "CVE-2025-38477", "cveTags": [], "metrics": {}, "published": "2025-07-28T12:15:29.617", "references": [{"url": "https://git.kernel.org/stable/c/466e10194ab81caa2ee6a332d33ba16bcceeeba6", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5e28d5a3f774f118896aec17a3a20a9c5c9dfc64", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a6d735100f602c830c16d69fb6d780eebd8c9ae1", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c000a3a330d97f6c073ace5aa5faf94b9adb4b79", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fbe48f06e64134dfeafa89ad23387f66ebca3527", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when 'agg' is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/sched: sch_qfq: Correcci\u00f3n de la condici\u00f3n de ejecuci\u00f3n en qfq_aggregate. Una condici\u00f3n de ejecuci\u00f3n puede ocurrir cuando se modifica 'agg' en qfq_change_agg (llamado durante qfq_enqueue) mientras otros subprocesos acceden a \u00e9l simult\u00e1neamente. Por ejemplo, qfq_dump_class puede desencadenar una desreferencia a NULL y qfq_delete_class puede causar un use-after-free. Este parche soluciona el problema mediante: 1. El traslado de qfq_destroy_class a la secci\u00f3n cr\u00edtica. 2. La adici\u00f3n de la protecci\u00f3n sch_tree_lock a qfq_dump_class y qfq_dump_class_stats."}], "lastModified": "2025-07-29T14:14:29.590", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}