Linux Kernel netem Update Backlog Handling Vulnerability Leading to Use-After-Free

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's netem module. The issue arises because the backlog of the child queuing discipline (qdisc) is not properly managed before notifying the parent qdisc. This oversight can cause the parent qdisc to miss important updates, particularly in the Deficit Round Robin (DRR) scheduling algorithm, which relies on these notifications to function correctly.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel netem Update Backlog Handling Vulnerability Leading to Use-After-Free

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating