SB2025072935 - NULL pointer dereference in Linux kernel sched
Published: July 29, 2025
Security Bulletin ID
SB2025072935
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38468)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the htb_lookup_leaf() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0e1d5d9b5c5966e2e42e298670808590db5ed628
- https://git.kernel.org/stable/c/3691f84269a23f7edd263e9b6edbc27b7ae332f4
- https://git.kernel.org/stable/c/7ff2d83ecf2619060f30ecf9fad4f2a700fca344
- https://git.kernel.org/stable/c/890a5d423ef0a7bd13447ceaffad21189f557301
- https://git.kernel.org/stable/c/e5c480dc62a3025b8428d4818e722da30ad6804f