Описание
Security update for the Linux Kernel (Live Patch 59 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-150300_59_211 fixes one issue.
The following security issue was fixed:
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP3
Ссылки
- Link for SUSE-SU-2025:02707-1
- E-Mail link for SUSE-SU-2025:02707-1
- SUSE Security Ratings
- SUSE Bug 1245793
- SUSE CVE CVE-2025-37797 page
Описание
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs like netem or codel. The vulnerability works as follows: 1. hfsc_change_class() checks if a class has packets (q.qlen != 0) 2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g., codel, netem) might drop packets and empty the queue 3. The code continues assuming the queue is still non-empty, adding the class to vttree 4. This breaks HFSC scheduler assumptions that only non-empty classes are in vttree 5. Later, when the class is destroyed, this can lead to a Use-After-Free The fix adds a second queue length check after qdisc_peek_len() to verify the queue wasn't emptied.
Затронутые продукты
Ссылки
- CVE-2025-37797
- SUSE Bug 1242417
- SUSE Bug 1245793