#VU108391 Input validation error in Linux kernel - CVE-2025-37797
Published: May 2, 2025 / Updated: May 10, 2025
Vulnerability identifier: #VU108391
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-37797
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_change_class() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/20d584a33e480ae80d105f43e0e7b56784da41b9
- https://git.kernel.org/stable/c/28b09a067831f7317c3841812276022d6c940677
- https://git.kernel.org/stable/c/39b9095dd3b55d9b2743df038c32138efa34a9de
- https://git.kernel.org/stable/c/3aa852e3605000d5c47035c3fc3a986d14ccfa9f
- https://git.kernel.org/stable/c/3df275ef0a6ae181e8428a6589ef5d5231e58b5c
- https://git.kernel.org/stable/c/86cd4641c713455a4f1c8e54c370c598c2b1cee0
- https://git.kernel.org/stable/c/bb583c88d23b72d8d16453d24856c99bd93dadf5
- https://git.kernel.org/stable/c/fcc8ede663569c704fb00a702973bd6c00373283
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.181