CVE-2025-38568

19.08.2025, 17:15

In the Linux kernel, the following vulnerability has been resolved:

net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing

TCA_MQPRIO_TC_ENTRY_INDEX is validated using
NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value
TC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds stack
write in the fp[] array, which only has room for 16 elements (015).

Fix this by changing the policy to allow only up to TC_QOPT_MAX_QUEUE - 1.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bookworm	6.1.137-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm (security)	6.1.147-1 fixed
trixie (security)	vulnerable
forky	vulnerable
sid	vulnerable
trixie	vulnerable

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder andere nicht spezifizierte Angriffe durchzuführen.
Published: 2025-08-19T22:00:00+00:00

References

https://git.kernel.org/stable/c/39491e859fd494d0b51adc5c7d54c8a7dcf1d198

https://git.kernel.org/stable/c/66fc2ebdd9d5dd6e5a9c7edeace5a61a0ab2cd86

https://git.kernel.org/stable/c/d00e4125680f7074c4f42ce3c297336f23128e70

https://git.kernel.org/stable/c/f1a9dbcb7d17bf0abb325cdc984957cfabc59693

https://git.kernel.org/stable/c/ffd2dc4c6c49ff4f1e5d34e454a6a55608104c17