
CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too

Description

In the Linux kernel, the following vulnerability has been resolved:

net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too

Similarly to the previous patch, we need to safeguard hfsc_dequeue()
too. But for this one, we don't have a reliable reproducer.

Classification

CVE ID: CVE-2025-37823

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.6% (share of scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-06 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37823
https://git.kernel.org/stable/c/68f256305ceb426d545a0dc31f83c2ab1d211a1e
https://git.kernel.org/stable/c/2f46d14919c39528c6e540ebc43f90055993eedc
https://git.kernel.org/stable/c/da7936518996d290e2fcfcaf6cd7e15bfd87804a
https://git.kernel.org/stable/c/11bccb054c1462fb069219f8e98e97a5a730758e
https://git.kernel.org/stable/c/76c4c22c2437d3d3880efc0f62eca06ef078d290
https://git.kernel.org/stable/c/c6f035044104c6ff656f4565cd22938dc892528c
https://git.kernel.org/stable/c/c6936266f8bf98a53f28ef9a820e6a501e946d09
https://git.kernel.org/stable/c/6ccbda44e2cc3d26fd22af54c650d6d5d801addf

Timeline