You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 38177
About this tag
CVE-2025-38177 is a Linux kernel vulnerability in the HFSC traffic-control scheduler (sch_hfsc) that arises from a non-idempotent qlen_notify pathway. This timing-and-lifecycle bug can leave parent qdiscs operating on stale class pointers, potentially leading to a kernel use-after-free. The upstream fix makes hfsc_qlen_notify idempotent. Discussions on WindowsForum.com cover the patch's backport impact, risk prioritization in multi-tenant cloud and appliance environments, and guidance for operators on hunting, verifying, and remediating the issue. While the vulnerability is Linux-specific, it is relevant to Windows users running Linux VMs or containers on Windows Server or Azure.
A timing-and-lifecycle bug in the Linux traffic‑control scheduler (sch_hfsc) has been assigned CVE‑2025‑38177 after upstream maintainers patched a non‑idempotent qlen_notify pathway that could leave parent qdiscs operating on stale class pointers and, in the worst case, trigger a kernel...