#VU113300 Improper error handling in Linux kernel - CVE-2025-38457
Published: July 27, 2025
Vulnerability identifier: #VU113300
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38457
CWE-ID: CWE-388
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the qdisc_leaf(), tc_get_qdisc() and NL_SET_ERR_MSG() functions in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/23c165dde88eac405eebb59051ea1fe139a45803
- https://git.kernel.org/stable/c/25452638f133ac19d75af3f928327d8016952c8e
- https://git.kernel.org/stable/c/4c691d1b6b6dbd73f30ed9ee7da05f037b0c49af
- https://git.kernel.org/stable/c/8ecd651ef24ab50123692a4e3e25db93cb11602a
- https://git.kernel.org/stable/c/90436e72c9622c2f70389070088325a3232d339f
- https://git.kernel.org/stable/c/923a276c74e25073ae391e930792ac86a9f77f1e
- https://git.kernel.org/stable/c/e28a383d6485c3bb51dc5953552f76c4dea33eea
- https://git.kernel.org/stable/c/ffdde7bf5a439aaa1955ebd581f5c64ab1533963