Linux Kernel Double List Addition Vulnerability in net_sched Component

Vulnerability

A vulnerability has been identified in the Linux kernel's net_sched component, specifically within the deficit round robin (drr) scheduling class. This issue arises when a netem (network emulator) child queuing discipline (qdisc) causes the parent qdisc's enqueue callback to be reentrant. Although this reentrancy does not lead to a use-after-free condition, it allows the same classifier to be added to the active list twice, resulting in memory corruption. The vulnerability affects several versions of the Linux kernel.
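The double addition described above can be reproduced in a small user-space model. This is an added example, not kernel code and not the upstream patch: the list helpers are modelled on the kernel's list_head, while `struct cls`, `child_enqueue`, `parent_enqueue`, the `reenter` counter and the guarded variant are hypothetical names and assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Minimal circular doubly linked list, modelled on the kernel's list_head. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *head) {
    n->prev = head->prev; n->next = head;
    head->prev->next = n; head->prev = n;
}
/* Bounded walk: each link must satisfy p->next->prev == p and lead back to head. */
static bool list_consistent(const struct list_head *head, int max) {
    const struct list_head *p = head;
    for (int i = 0; i < max; i++) {
        if (p->next->prev != p) return false;
        p = p->next;
        if (p == head) return true;
    }
    return false;
}

/* Hypothetical stand-in for a drr class: queue length plus active-list link. */
struct cls { int qlen; struct list_head alist; };
static struct list_head active;   /* the scheduler's active list */
static int reenter;               /* times the child re-enters the parent */
static void parent_enqueue(struct cls *cl, bool guarded);

/* Constructed netem-like child: re-enters the parent before queueing. */
static void child_enqueue(struct cls *cl, bool guarded) {
    if (reenter > 0) { reenter--; parent_enqueue(cl, guarded); }
    cl->qlen++;
}
static void parent_enqueue(struct cls *cl, bool guarded) {
    bool first = (cl->qlen == 0);  /* decided before the child runs */
    child_enqueue(cl, guarded);
    /* Unguarded: trusts the stale flag. Guarded: checks membership afterwards. */
    if (guarded ? list_empty(&cl->alist) : first)
        list_add_tail(&cl->alist, &active);
}
/* Returns true if the active list is still well formed after one enqueue. */
static bool run_scenario(bool guarded) {
    struct cls cl = { .qlen = 0 };
    list_init(&active); list_init(&cl.alist);
    reenter = 1;
    parent_enqueue(&cl, guarded);
    return list_consistent(&active, 8);
}
int main(void) {
    printf("unguarded consistent: %d\n", run_scenario(false));
    printf("guarded consistent:   %d\n", run_scenario(true));
    return 0;
}
```

In the unguarded run both the inner and outer calls see an empty queue, so the same node is linked twice and ends up pointing at itself, which is why a forward walk never returns to the list head.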

Impact

Exploitation of this vulnerability leads to memory corruption due to the same classifier being added to the active list multiple times.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 1.3
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.