CVE-2025-38568

Опубликовано: 19 авг. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing

TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds stack write in the fp[] array, which only has room for 16 elements (0–15).

Fix this by changing the policy to allow only up to TC_QOPT_MAX_QUEUE - 1.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.4 (включая) до 6.6.102 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.7 (включая) до 6.12.42 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.13 (включая) до 6.15.10 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.16 (включая) до 6.16.1 (исключая)

EPSS

Процентиль: 4%

0.00018

Низкий

7.8 High

CVSS3

Дефекты

CWE-787

Связанные уязвимости

CVE-2025-38568

CVSS3: 7.8

ubuntu

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds stack write in the fp[] array, which only has room for 16 elements (0–15). Fix this by changing the policy to allow only up to TC_QOPT_MAX_QUEUE - 1.

CVE-2025-38568

CVSS3: 4.7

redhat

4 месяца назад

CVE-2025-38568

CVSS3: 7.8

msrc

4 месяца назад

net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing

CVE-2025-38568

CVSS3: 7.8

debian

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: n ...

GHSA-4rpm-cvm4-wfmq

CVSS3: 7.8

github

4 месяца назад

EPSS

Процентиль: 4%

0.00018

Низкий

7.8 High

CVSS3

Дефекты

CWE-787