Linux Kernel U32 Classifier TCF Bind Filter Vulnerability

Vulnerability

A vulnerability in the Linux kernel's U32 classifier can lead to improper handling of filter bindings. When the function 'u32_replace_hw_knode' fails, the corresponding 'tcf_bind_filter' operation needs to be undone. This issue is present in the Linux kernel stable tree.

Impact

The vulnerability can cause incorrect filter management, potentially leading to unexpected behavior in traffic control operations.

Reproduction

The vulnerability can be reproduced by binding a filter to a U32 knode and then causing the 'u32_replace_hw_knode' function to fail. This will result in the 'tcf_bind_filter' operation not being properly undone, creating a mismatch in filter management.
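The missing undo described above, as an added user-space model in C (not kernel code and not part of the original advisory). It assumes that binding a filter increments a per-class counter, and every `model_*` name is hypothetical.

```c
/* Added user-space model, not kernel code; every model_* name is hypothetical. */
#include <stdio.h>
struct model_class { int filter_cnt; };             /* filters bound to this class (assumed) */
struct model_knode { struct model_class *bound; };

static void model_bind_filter(struct model_knode *n, struct model_class *c)
{
    n->bound = c;
    c->filter_cnt++;
}

static void model_unbind_filter(struct model_knode *n)
{
    if (n->bound) {
        n->bound->filter_cnt--;
        n->bound = NULL;
    }
}

/* Stand-in for the hardware offload step; hw_ok == 0 simulates its failure. */
static int model_replace_hw_knode(int hw_ok) { return hw_ok ? 0 : -1; }

/* Bind first, then offload. undo_on_error = 0 models the unfixed error path. */
static int model_change(struct model_class *c, int hw_ok, int undo_on_error)
{
    struct model_knode n = { 0 };
    int err;
    model_bind_filter(&n, c);
    err = model_replace_hw_knode(hw_ok);
    if (err && undo_on_error)
        model_unbind_filter(&n);    /* the undo the advisory says is required */
    return err;                     /* on error the new knode is discarded */
}

/* Bind count left on the class after `attempts` failed changes. */
static int count_after_failed_changes(int attempts, int undo_on_error)
{
    struct model_class c = { 0 };
    for (int i = 0; i < attempts; i++)
        model_change(&c, 0, undo_on_error);
    return c.filter_cnt;
}

int main(void)
{
    printf("without undo: %d stale bindings\n", count_after_failed_changes(3, 0));
    printf("with undo:    %d stale bindings\n", count_after_failed_changes(3, 1));
    return 0;
}
```

In this model each failed change without the undo leaves one binding counted against the class even though the knode that held it no longer exists; with the undo the count returns to zero.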

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Oct 24, 2025, 12:20 PM
Updated: Oct 24, 2025, 12:20 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.