Linux Kernel HTB Queue Length Notification Idempotence Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Hierarchical Token Bucket (HTB) scheduling class has been addressed. The issue arose because the function 'htb_qlen_notify()' was not idempotent; it always deactivated the HTB class, potentially triggering a warning if the class was already deactivated. This behavior was problematic for callers like 'fq_codel_dequeue()'. The function has now been modified to be idempotent, improving compatibility with 'qdisc_tree_reduce_backlog()' callers.
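The difference between the old and the fixed behaviour, as an added user-space model (not the kernel's code and not taken from the original advisory). The struct, the warning counter and every function name are hypothetical; the model assumes a caller may deliver more than one queue-empty notification for the same class.

```c
/* Simplified user-space model of the idempotence fix; not kernel code.
 * toy_class, toy_deactivate, notify_old and notify_fixed are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct toy_class {
    bool active;    /* class is currently in the scheduler's active set */
    int  warnings;  /* stands in for the kernel warning described above */
};

/* Deactivation expects an active class; a second call is a state error. */
static void toy_deactivate(struct toy_class *cl)
{
    if (!cl->active)
        cl->warnings++;   /* models the warning on an already-deactivated class */
    cl->active = false;
}

/* Before the fix: every queue-empty notification deactivates the class. */
static void notify_old(struct toy_class *cl)
{
    toy_deactivate(cl);
}

/* After the fix: a repeated notification returns without touching state. */
static void notify_fixed(struct toy_class *cl)
{
    if (!cl->active)
        return;
    toy_deactivate(cl);
}

/* Deliver n queue-empty notifications to one active class and return
 * how many warnings were raised along the way. */
static int run_notifications(void (*notify)(struct toy_class *), int n)
{
    struct toy_class cl = { .active = true, .warnings = 0 };
    for (int i = 0; i < n; i++)
        notify(&cl);
    return cl.warnings;
}

int main(void)
{
    printf("old:   %d warning(s)\n", run_notifications(notify_old, 2));
    printf("fixed: %d warning(s)\n", run_notifications(notify_fixed, 2));
    return 0;
}
```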

Impact

The vulnerability could lead to improper handling of the HTB class state, causing potential warnings and disrupting the expected behavior of queue management functions.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.