SB2025052130 - NULL pointer dereference in Linux kernel sched
Published: May 21, 2025
Security Bulletin ID
SB2025052130
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-37953)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the htb_add_to_wait_tree(), htb_activate(), htb_qlen_notify(), htb_delete() and htb_change_class() functions in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/31ff70ad39485698cf779f2078132d80b57f6c07
- https://git.kernel.org/stable/c/3769478610135e82b262640252d90f6efb05be71
- https://git.kernel.org/stable/c/98cd7ed92753090a714f0802d4434314526fe61d
- https://git.kernel.org/stable/c/c4792b9e38d2f61b07eac72f10909fa76130314b
- https://git.kernel.org/stable/c/c928dd4f6bf0c25c72b11824a1e9ac9bd37296a0