CVE-2025-38553 - Vulnerability Details

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00124.

Key SSVC decision points have not yet been added.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Debian Subscribe	Debian Linux Subscribe
Linux Subscribe	Linux Kernel Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-4327-1	linux security update
Debian DLA	DLA-4328-1	linux-6.1 security update
EUVD	EUVD-2025-26107	In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lockup and OOM loop in netem_dequeue, as seen in [1]. Ensure that a duplicating netem cannot exist in a tree with other netems. Previous approaches suggested in discussions in chronological order: 1) Track duplication status or ttl in the sk_buff struct. Considered too specific a use case to extend such a struct, though this would be a resilient fix and address other previous and potential future DOS bugs like the one described in loopy fun [2]. 2) Restrict netem_enqueue recursion depth like in act_mirred with a per cpu variable. However, netem_dequeue can call enqueue on its child, and the depth restriction could be bypassed if the child is a netem. 3) Use the same approach as in 2, but add metadata in netem_skb_cb to handle the netem_dequeue case and track a packet's involvement in duplication. This is an overly complex approach, and Jamal notes that the skb cb can be overwritten to circumvent this safeguard. 4) Prevent the addition of a netem to a qdisc tree if its ancestral path contains a netem. However, filters and actions can cause a packet to change paths when re-enqueued to the root from netem duplication, leading us to the current solution: prevent a duplicating netem from inhabiting the same tree as other netems. [1] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/ [2] https://lwn.net/Articles/719297/
Ubuntu USN	USN-7879-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7879-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7880-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-7879-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7909-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7879-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7909-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7909-3	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7910-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-7909-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7910-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7909-5	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7933-1	Linux kernel (KVM) vulnerabilities
Ubuntu USN	USN-7934-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7938-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8028-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8028-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8031-1	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-8028-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8028-4	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8028-5	Linux kernel vulnerabilities
Ubuntu USN	USN-8031-2	Linux kernel (GCP FIPS) vulnerabilities
Ubuntu USN	USN-8028-6	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-8031-3	Linux kernel vulnerabilities
Ubuntu USN	USN-8052-1	Linux kernel (Low Latency) vulnerabilities
Ubuntu USN	USN-8028-7	Linux kernel (Low Latency NVIDIA) vulnerabilities
Ubuntu USN	USN-8028-8	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-8052-2	Linux kernel (Xilinx) vulnerabilities
Ubuntu USN	USN-8074-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8074-2	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8126-1	Linux kernel (Azure) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/09317dfb681ac5a96fc69bea0c54441cf91b8270
https://git.kernel.org/stable/c/103c4e27ec9f5fe53022e46e976abf52c7221baf
https://git.kernel.org/stable/c/250f8796006c0f2bc638ce545f601d49ae8d528b
https://git.kernel.org/stable/c/325f5ec67cc0a77f2d0d453445b9857f1cd06c76
https://git.kernel.org/stable/c/795cb393e38977aa991e70a9363da0ee734b2114
https://git.kernel.org/stable/c/ad340a4b4adb855b18b3666f26ad65c8968e2deb
https://git.kernel.org/stable/c/cab2809944989889f88a1a8b5cff1c78460c72cb
https://git.kernel.org/stable/c/ec8e0e3d7adef940cdf9475e2352c0680189d14e
https://git.kernel.org/stable/c/f088b6ebe8797a3f948d2cae47f34bfb45cc6522
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
https://lore.kernel.org/linux-cve-announce/2025081956-CVE-2025-38553-4ecb@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38553
https://www.cve.org/CVERecord?id=CVE-2025-38553

History

Thu, 18 Jun 2026 04:45:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lockup and OOM loop in netem_dequeue, as seen in [1]. Ensure that a duplicating netem cannot exist in a tree with other netems. Previous approaches suggested in discussions in chronological order: 1) Track duplication status or ttl in the sk_buff struct. Considered too specific a use case to extend such a struct, though this would be a resilient fix and address other previous and potential future DOS bugs like the one described in loopy fun [2]. 2) Restrict netem_enqueue recursion depth like in act_mirred with a per cpu variable. However, netem_dequeue can call enqueue on its child, and the depth restriction could be bypassed if the child is a netem. 3) Use the same approach as in 2, but add metadata in netem_skb_cb to handle the netem_dequeue case and track a packet's involvement in duplication. This is an overly complex approach, and Jamal notes that the skb cb can be overwritten to circumvent this safeguard. 4) Prevent the addition of a netem to a qdisc tree if its ancestral path contains a netem. However, filters and actions can cause a packet to change paths when re-enqueued to the root from netem duplication, leading us to the current solution: prevent a duplicating netem from inhabiting the same tree as other netems. [1] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/ [2] https://lwn.net/Articles/719297/	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title	net/sched: Restrict conditions for adding duplicating netems to qdisc tree	kernel: net/sched: Restrict conditions for adding duplicating netems to qdisc tree

Thu, 08 Jan 2026 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux
Weaknesses		CWE-667
CPEs		cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:2.6.12:-::::::
Vendors & Products		Debian Debian debian Linux
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Mon, 03 Nov 2025 18:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Thu, 28 Aug 2025 14:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/ad340a4b4adb855b18b3666f26ad65c8968e2deb https://git.kernel.org/stable/c/cab2809944989889f88a1a8b5cff1c78460c72cb https://git.kernel.org/stable/c/f088b6ebe8797a3f948d2cae47f34bfb45cc6522

Thu, 21 Aug 2025 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Tue, 19 Aug 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025081956-CVE-2025-38553-4ecb@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38553 https://www.cve.org/CVERecord?id=CVE-2025-38553
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Tue, 19 Aug 2025 06:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lockup and OOM loop in netem_dequeue, as seen in [1]. Ensure that a duplicating netem cannot exist in a tree with other netems. Previous approaches suggested in discussions in chronological order: 1) Track duplication status or ttl in the sk_buff struct. Considered too specific a use case to extend such a struct, though this would be a resilient fix and address other previous and potential future DOS bugs like the one described in loopy fun [2]. 2) Restrict netem_enqueue recursion depth like in act_mirred with a per cpu variable. However, netem_dequeue can call enqueue on its child, and the depth restriction could be bypassed if the child is a netem. 3) Use the same approach as in 2, but add metadata in netem_skb_cb to handle the netem_dequeue case and track a packet's involvement in duplication. This is an overly complex approach, and Jamal notes that the skb cb can be overwritten to circumvent this safeguard. 4) Prevent the addition of a netem to a qdisc tree if its ancestral path contains a netem. However, filters and actions can cause a packet to change paths when re-enqueued to the root from netem duplication, leading us to the current solution: prevent a duplicating netem from inhabiting the same tree as other netems. [1] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/ [2] https://lwn.net/Articles/719297/
Title		net/sched: Restrict conditions for adding duplicating netems to qdisc tree
References		https://git.kernel.org/stable/c/09317dfb681ac5a96fc69bea0c54441cf91b8270 https://git.kernel.org/stable/c/103c4e27ec9f5fe53022e46e976abf52c7221baf https://git.kernel.org/stable/c/250f8796006c0f2bc638ce545f601d49ae8d528b https://git.kernel.org/stable/c/325f5ec67cc0a77f2d0d453445b9857f1cd06c76 https://git.kernel.org/stable/c/795cb393e38977aa991e70a9363da0ee734b2114 https://git.kernel.org/stable/c/ec8e0e3d7adef940cdf9475e2352c0680189d14e

Projects

Sign in to view the affected projects.

MITRE

Status: REJECTED

Assigner: Linux

Published: 2025-08-19T06:06:53.204Z

Updated: 2026-06-17T18:23:13.354Z

Reserved: 2025-04-16T04:51:24.025Z

Link: CVE-2025-38553

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2025-08-19T06:15:33.407

Modified: 2026-06-17T19:16:25.273

Link: CVE-2025-38553

Redhat

Severity : Important

Publid Date: 2025-08-19T00:00:00Z

Links: CVE-2025-38553 - Bugzilla

OpenCVE Enrichment

Updated: 2025-08-21T12:32:03Z

Weaknesses

CWE-667

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object