Unrated severityNVD Advisory· Published Jul 3, 2025· Updated Nov 3, 2025

net_sched: sch_sfq: fix a potential crash on gso_skb handling

CVE-2025-38115

Description

In the Linux kernel, the following vulnerability has been resolved:

SFQ has an assumption of always being able to queue at least one packet.

However, after the blamed commit, sch->q.len can be inflated by packets in sch->gso_skb, and an enqueue() on an empty SFQ qdisc can be followed by an immediate drop.

Fix sfq_drop() to properly clear q->tail in this situation.

ip netns add lb ip link add dev to-lb type veth peer name in-lb netns lb ethtool -K to-lb tso off # force qdisc to requeue gso_skb ip netns exec lb ethtool -K in-lb gro on # enable NAPI ip link set dev to-lb up ip -netns lb link set dev in-lb up ip addr add dev to-lb 192.168.20.1/24 ip -netns lb addr add dev in-lb 192.168.20.2/24 tc qdisc replace dev to-lb root sfq limit 100

ip netns exec lb netserver

netperf -H 192.168.20.2 -l 100 & netperf -H 192.168.20.2 -l 100 & netperf -H 192.168.20.2 -l 100 & netperf -H 192.168.20.2 -l 100 &

Affected products

Linux/Linux Kernel Rtllm-fuzzy
osv-coords86 versions
pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7 pkg:rpm/suse/kernel-coco_debug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_14&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_14&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_3&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7 pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_3&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7 pkg:rpm/suse/kernel-source-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7 pkg:rpm/suse/kernel-syms-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_71&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 6.4.0-150600.23.65.1+ 85 more
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150600.8.48.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150600.23.65.1.150600.12.28.4
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150600.10.49.1
- (no CPE)range: < 6.4.0-150600.10.49.1
- (no CPE)range: < 6.4.0-150600.8.48.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150600.10.49.1
- (no CPE)range: < 6.4.0-150600.8.48.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150600.10.49.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150700.53.11.1
- (no CPE)range: < 6.4.0-150600.8.48.1
- (no CPE)range: < 6.4.0-150700.20.11.1
- (no CPE)range: < 6.4.0-15061.28.coco15sp6.1
- (no CPE)range: < 6.4.0-15061.28.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.65.1.150600.12.28.4
- (no CPE)range: < 6.4.0-150700.53.11.1.150700.17.9.4
- (no CPE)range: < 6.4.0-32.1.21.10
- (no CPE)range: < 6.4.0-32.1.21.10
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150700.53.11.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150700.53.11.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150700.53.11.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150700.53.11.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150700.53.11.1
- (no CPE)range: < 6.4.0-32.1
- (no CPE)range: < 6.4.0-32.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150700.53.11.3
- (no CPE)range: < 6.4.0-32.1
- (no CPE)range: < 6.4.0-32.1
- (no CPE)range: < 1-150600.1.5.1
- (no CPE)range: < 1-150600.13.3.4
- (no CPE)range: < 1-150700.1.5.1
- (no CPE)range: < 1-150700.15.3.4
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150700.53.11.1
- (no CPE)range: < 6.4.0-150600.10.49.1
- (no CPE)range: < 6.4.0-35.1
- (no CPE)range: < 6.4.0-35.1
- (no CPE)range: < 6.4.0-150600.10.49.1
- (no CPE)range: < 6.4.0-150700.7.13.1
- (no CPE)range: < 6.4.0-150600.8.48.1
- (no CPE)range: < 6.4.0-150700.20.11.1
- (no CPE)range: < 6.4.0-15061.28.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150700.53.11.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150700.53.11.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 6.4.0-32.1
- (no CPE)range: < 6.4.0-32.1
- (no CPE)range: < 6.4.0-35.1
- (no CPE)range: < 6.4.0-35.1
- (no CPE)range: < 6.4.0-150600.10.49.1
- (no CPE)range: < 6.4.0-150700.7.13.1
- (no CPE)range: < 6.4.0-150600.8.48.1
- (no CPE)range: < 6.4.0-150700.20.11.1
- (no CPE)range: < 6.4.0-15061.28.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150700.53.11.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 6.4.0-150600.10.49.1
- (no CPE)range: < 6.4.0-150700.7.13.1
- (no CPE)range: < 6.4.0-150600.23.65.1
- (no CPE)range: < 6.4.0-150700.53.11.1
- (no CPE)range: < 1-8.3.1
Linux/Linuxcpe-rescue
Range: 4.16

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000