Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's QFQ (Quick Fair Queueing) scheduler has been addressed. A netem (network emulation) child qdisc (queuing discipline) could make the enqueue callback of its parent qdisc reentrant. In QFQ this did not lead to a use-after-free condition, but it caused the same classifier to be added to the list twice, resulting in memory corruption. The fix adds a check that the class is not already active before adding it to the list.
The vulnerability could lead to memory corruption by allowing the same classifier to be added multiple times, disrupting memory management and potentially causing instability or unexpected behavior in the system.
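The following user-space model is an added example, not the kernel's code: it shows why adding an already-linked node to a circular doubly linked list corrupts it, and how an "already active" check in the activation path prevents that. The names `demo_class`, `activate_checked`, `list_count_checked` and `demo` are hypothetical; the list helpers only imitate the kernel's `list_head` idiom.

```c
#include <stdbool.h>

/* Minimal circular doubly linked list, modelled on the kernel's list_head. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }

static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->prev = head->prev;
    n->next = head;
    head->prev->next = n;
    head->prev = n;
}

/* Hypothetical stand-in for a scheduler class linked on an "active" list. */
struct demo_class { int id; struct list_head alist; };

/* Walk the list checking that every link is mirrored; -1 means corruption. */
static int list_count_checked(const struct list_head *head, int limit)
{
    int n = 0;
    for (const struct list_head *p = head->next; p != head; p = p->next)
        if (p->next->prev != p || ++n > limit)
            return -1;
    return n;
}

/* Guarded activation: a node that points to itself is inactive, anything
 * else is already linked. Relies on inactive nodes being re-initialised. */
static bool activate_checked(struct demo_class *cl, struct list_head *active)
{
    if (!list_empty(&cl->alist))
        return false;               /* reentrant call: class already active */
    list_add_tail(&cl->alist, active);
    return true;
}

/* Activate class b twice, as a reentrant enqueue would; audit the list. */
static int demo(bool use_check)
{
    struct list_head active;
    struct demo_class a = { .id = 1 }, b = { .id = 2 };
    list_init(&active); list_init(&a.alist); list_init(&b.alist);
    activate_checked(&a, &active);
    for (int i = 0; i < 2; i++)
        if (use_check) activate_checked(&b, &active);
        else list_add_tail(&b.alist, &active);   /* unchecked double add */
    return list_count_checked(&active, 8);
}
int main(void) { return (demo(true) == 2 && demo(false) == -1) ? 0 : 1; }
```

After the unchecked double add, node `b` points to itself in both directions, so a forward walk never returns to the list head and the previous node's back-link no longer matches.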