Описание
In the Linux kernel, the following vulnerability has been resolved:
net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag
This is more of a preventive patch to make the code more consistent and
to prevent possible exploits that employ child qlen manipulations on qfq.
use cl_is_active instead of relying on the child qdisc's qlen to determine
class activation.
A flaw was found in the Linux kernel's Quick Fair Queuing (QFQ) scheduler. The QFQ class deactivation logic incorrectly relies on a child qdisc's queue length (qlen) to determine if a class is active. A local user with CAP_NET_ADMIN capabilities can manipulate the child qlen into an unexpected state. This manipulation can destabilize the scheduling behavior, leading to traffic disruption or a Denial of Service (DoS) in the networking stack.
Отчет
QFQ class deactivation logic used a child qdisc qlen check to decide whether a class is active. If a child qlen can be manipulated into an unexpected state then QFQ may deactivate or keep a class in an inconsistent way which can destabilize scheduling behavior. This can lead to traffic disruption or a denial of service through scheduler inconsistency rather than memory corruption. For the CVSS the PR is L in the paranoid rating because CAP_NET_ADMIN can be delegated in some environments and it is sufficient to create and modify qdiscs. The issue is not directly network reachable because it requires local control plane configuration of traffic control objects. Impact is primarily denial of service in the networking stack and not a confidentiality or integrity breach.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 8 | kernel | Affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4.7 Medium
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq. use cl_is_active instead of relying on the child qdisc's qlen to determine class activation.
In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq. use cl_is_active instead of relying on the child qdisc's qlen to determine class activation.
In the Linux kernel, the following vulnerability has been resolved: n ...
In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq. use cl_is_active instead of relying on the child qdisc's qlen to determine class activation.
ELSA-2026-50145: Unbreakable Enterprise kernel security update (IMPORTANT)
EPSS
4.7 Medium
CVSS3