vulnerability

Red Hat: CVE-2025-38477: kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate (Multiple Advisories)

Name: Red Hat: CVE-2025-38477: kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate (Multiple Advisories)
Creator: Red Hat
Published: 2025-07-28T00:00:00.000Z
Keywords: CVE, CWE-362, Red Hat, 2025, 38477, kernel, redhat-upgrade-kernel, Severity 6

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:P/A:C)

Published

Jul 28, 2025

Added

Jul 31, 2025

Modified

Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_qfq: Fix race condition on qfq_aggregate

A race condition can occur when 'agg' is modified in qfq_change_agg
(called during qfq_enqueue) while other threads access it
concurrently. For example, qfq_dump_class may trigger a NULL
dereference, and qfq_delete_class may cause a use-after-free.

This patch addresses the issue by:

1. Moved qfq_destroy_class into the critical section.

2. Added sch_tree_lock protection to qfq_dump_class and
qfq_dump_class_stats.

Solution

redhat-upgrade-kernel

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report