In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created with classid TC_H_ROOT, the traversal terminates prematurely at this class instead of reaching the actual root qdisc, causing parent statistics to be incorrectly maintained. In case of DRR, this could lead to a crash as reported by Mingi Cho. Prevent the creation of any Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) across all qdisc types, as suggested by Jamal.
2025-04-01T16:15:28.440
2025-11-03T20:17:33.693
Modified
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSSv3.1: 5.5 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | linux | linux_kernel | < 5.4.292 | Yes |
| Operating System | linux | linux_kernel | < 5.10.236 | Yes |
| Operating System | linux | linux_kernel | < 5.15.180 | Yes |
| Operating System | linux | linux_kernel | < 6.1.132 | Yes |
| Operating System | linux | linux_kernel | < 6.6.84 | Yes |
| Operating System | linux | linux_kernel | < 6.12.20 | Yes |
| Operating System | linux | linux_kernel | < 6.13.8 | Yes |
| Operating System | linux | linux_kernel | 2.6.25 | Yes |
| Operating System | linux | linux_kernel | 6.14 | Yes |
| Operating System | linux | linux_kernel | 6.14 | Yes |
| Operating System | linux | linux_kernel | 6.14 | Yes |
| Operating System | linux | linux_kernel | 6.14 | Yes |
| Operating System | linux | linux_kernel | 6.14 | Yes |
| Operating System | linux | linux_kernel | 6.14 | Yes |