#VU112225 Improper locking in Linux kernel - CVE-2025-38108
Published: July 4, 2025
Vulnerability identifier: #VU112225
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38108
CWE-ID: CWE-667
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __red_change() function in net/sched/sch_red.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/110a47efcf23438ff8d31dbd9c854fae2a48bf98
- https://git.kernel.org/stable/c/2790c4ec481be45a80948d059cd7c9a06bc37493
- https://git.kernel.org/stable/c/2a71924ca4af59ffc00f0444732b6cd54b153d0e
- https://git.kernel.org/stable/c/444ad445df5496a785705019268a8a84b84484bb
- https://git.kernel.org/stable/c/4b755305b2b0618e857fdadb499365b5f2e478d1
- https://git.kernel.org/stable/c/85a3e0ede38450ea3053b8c45d28cf55208409b8
- https://git.kernel.org/stable/c/a1bf6a4e9264a685b0e642994031f9c5aad72414
- https://git.kernel.org/stable/c/f569984417a4e12c67366e69bdcb752970de921d