CVE-2025-37823

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-37823
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/11bccb054c1462fb069219f8e98e97a5a730758e Patch
https://git.kernel.org/stable/c/2f46d14919c39528c6e540ebc43f90055993eedc Patch
https://git.kernel.org/stable/c/68f256305ceb426d545a0dc31f83c2ab1d211a1e Patch
https://git.kernel.org/stable/c/6ccbda44e2cc3d26fd22af54c650d6d5d801addf Patch
https://git.kernel.org/stable/c/76c4c22c2437d3d3880efc0f62eca06ef078d290 Patch
https://git.kernel.org/stable/c/c6936266f8bf98a53f28ef9a820e6a501e946d09 Patch
https://git.kernel.org/stable/c/c6f035044104c6ff656f4565cd22938dc892528c Patch
https://git.kernel.org/stable/c/da7936518996d290e2fcfcaf6cd7e15bfd87804a Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-05-08 07:15

Updated : 2025-11-10 15:52

NVD link : CVE-2025-37823

Mitre link : CVE-2025-37823

CVE.ORG link : CVE-2025-37823

JSON object : View

Products Affected

debian

  • debian_linux

linux

  • linux_kernel
CWE
CWE-416

Use After Free