Linux Kernel HFSC Queue Length Accounting Vulnerability

A vulnerability in the Linux kernel's Hierarchical Fair Service Curve (HFSC) scheduling class has been addressed. The issue arose in the hfsc_enqueue() function, where the queue length and backlog statistics were not properly updated before the function called the child queue discipline's peek() operation. This oversight could lead to an immediate dequeue and potential packet drop if the child discipline used qdisc_peek_dequeued(). Although the HFSC class's queue length and backlog were eventually corrected, the initial inconsistency could cause an empty HFSC class to remain active, leading to further issues such as use-after-free errors. The vulnerability has been resolved by ensuring that the queue length and backlog are accurately updated before peeking, preventing any disruption in queue accounting.

Impact

The vulnerability could cause inconsistent queue accounting in the HFSC scheduling class, leading to an empty class remaining active and potentially causing use-after-free errors.