Linux Kernel QFQ Scheduler Class Management Vulnerability Leading to Use-After-Free

Vulnerability

A vulnerability in the Linux kernel's QFQ (Queueing Fairness) scheduler has been addressed. The issue arose in the 'qfq_change_class()' function, where existing classes were mishandled: the function would free a class's resources even when no new class had been allocated, creating a use-after-free risk. The fix ensures that resources are freed only after a new class and its associated queueing discipline have been allocated.
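The ordering mistake described above, as an added illustration in C that is not the kernel's code: a constructed class table with a "change" handler whose shared error path frees the class regardless of whether this call created it, beside the corrected ordering that allocates first and frees only what it owns. The structures, the class table array, the qdisc_create() stand-in and the class_frees counter are all assumptions made for the model.

```c
#include <errno.h>
#include <stdlib.h>
/* Constructed model, not kernel code: a flat array stands in for the class table. */
struct qdisc { int handle; };
struct sched_class { int weight; struct qdisc *qdisc; };   /* owns one child qdisc */
#define MAX_CLASSES 8
static struct sched_class *classes[MAX_CLASSES];
static int class_frees;                 /* observable count of whole-class teardowns */
static struct qdisc *qdisc_create(int handle) {   /* handle < 0 models allocation failure */
    return handle < 0 ? NULL : calloc(1, sizeof(struct qdisc));
}

/* Buggy ordering: the shared error label tears down cl whether or not this call
 * allocated it, so a failed change on an existing class leaves classes[id] dangling. */
int change_class_buggy(unsigned id, int weight, int qdisc_handle) {
    if (id >= MAX_CLASSES) return -EINVAL;
    struct sched_class *cl = classes[id];
    if (!cl && !(cl = calloc(1, sizeof *cl)))
        return -ENOMEM;
    struct qdisc *q = qdisc_create(qdisc_handle);
    if (!q) goto destroy_class;
    free(cl->qdisc);
    cl->qdisc = q;
    cl->weight = weight;
    classes[id] = cl;
    return 0;
destroy_class:                          /* also reached for an existing class: use-after-free */
    free(cl->qdisc); free(cl); class_frees++;
    return -ENOMEM;
}

/* Fixed ordering: allocate the new qdisc first; on failure free only a class created
 * by this call, and release the existing class's old qdisc only after that succeeded. */
int change_class_fixed(unsigned id, int weight, int qdisc_handle) {
    if (id >= MAX_CLASSES) return -EINVAL;
    struct sched_class *cl = classes[id];
    int is_new = (cl == NULL);
    if (is_new && !(cl = calloc(1, sizeof *cl)))
        return -ENOMEM;
    struct qdisc *q = qdisc_create(qdisc_handle);
    if (!q) {
        if (is_new) free(cl);           /* nothing else references it yet */
        return -ENOMEM;
    }
    free(cl->qdisc);                    /* old child qdisc released only now */
    cl->qdisc = q;
    cl->weight = weight;
    classes[id] = cl;
    return 0;
}
```

After a failed change on an existing class, the fixed version leaves the table entry and its old qdisc intact, while the buggy version has freed the class the table still points to.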

Impact

The vulnerability could lead to a use-after-free condition, which may be exploitable to execute arbitrary code or cause a denial-of-service by crashing the system.

Remediation

Users can upgrade to the latest version of the Linux kernel to address this vulnerability. The specific commit that resolves the issue is available in the Linux kernel stable tree.

Added: Jan 25, 2026, 3:29 PM
Updated: Jan 25, 2026, 3:29 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          9.0
impact          7.5
exploitability  3.1
remediation     7.7
relevance       2.4
threat          3.2
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.