Vulnerability Lookup

🛡️ CVE-2025-37953

🟡 CVSS 5.5 — Medium ✅ No Known Exploit CWE-476 NVD

5.5

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_deactivate() idempotent Alan reported a NULL pointer dereference in htb_next_rb_node() after we made htb_qlen_notify() idempotent. It turns out in the following case it introduced some regression: htb_dequeue_tree(): |-> fq_codel_dequeue() |-> qdisc_tree_reduce_backlog() |-> htb_qlen_notify() |-> htb_deactivate() |-> htb_next_rb_node() |-> htb_deactivate() For htb_next_rb_node(), after calling the 1st htb_deactivate(), the clprio[prio]->ptr could be already set to NULL, which means htb_next_rb_node() is vulnerable here. For htb_deactivate(), although we checked qlen before calling it, in case of qlen==0 after qdisc_tree_reduce_backlog(), we may call it again which triggers the warning inside. To fix the issues here, we need to: 1) Make htb_deactivate() idempotent, that is, simply return if we already call it before. 2) Make htb_next_rb_node() safe against ptr==NULL. Many thanks to Alan for testing and for the reproducer.

Details

Severity MEDIUM

CVSS Score 5.5

CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE CWE-476

Public Exploit ✅ No

Source NVD

Published 2025-05-20

Updated 2026-06-02

Modified 2025-12-17

Fix URL https://git.kernel.org/stable/c/31ff70ad39485698cf779f2078132d80b57f6c07

Affected Packages

Software	From version	Fixed in
debian-linux	—	—
linux-kernel	—	—

References

Patch https://git.kernel.org/stable/c/31ff70ad39485698cf779f2078132d80b57f6c07

Patch https://git.kernel.org/stable/c/3769478610135e82b262640252d90f6efb05be71

Patch https://git.kernel.org/stable/c/98cd7ed92753090a714f0802d4434314526fe61d

Patch https://git.kernel.org/stable/c/99ff8a20fd61315bf9ae627440a5ff07d22ee153

Patch https://git.kernel.org/stable/c/a9945f7cf1709adc5d2d31cb6cfc85627ce299a8

Patch https://git.kernel.org/stable/c/c2d25fddd867ce20a266806634eeeb5c30cb520c

Patch https://git.kernel.org/stable/c/c4792b9e38d2f61b07eac72f10909fa76130314b

Patch https://git.kernel.org/stable/c/c928dd4f6bf0c25c72b11824a1e9ac9bd37296a0

Third Party Advisory https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

🔗 NVD 🔗 Mitre ✅ Fix / Advisory

Similar Threats

Site Security Check

Concerned your site may already be targeted?

BotEraser analyzes incoming traffic patterns and helps identify bot behavior consistent with known exploit attempts.

Check My Site Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Concerned your site may already be targeted?

Company

Resources

Services

Trusted

Subscribe