About this tag
CVE-2025-38177 is a Linux kernel vulnerability in the HFSC traffic-control scheduler (sch_hfsc) that arises from a non-idempotent qlen_notify pathway. This timing-and-lifecycle bug can leave parent qdiscs operating on stale class pointers, potentially leading to a kernel use-after-free. The upstream fix makes hfsc_qlen_notify idempotent. Discussions on WindowsForum.com cover the patch's backport impact, risk prioritization in multi-tenant cloud and appliance environments, and guidance for operators on hunting, verifying, and remediating the issue. While the vulnerability is Linux-specific, it is relevant to Windows users running Linux VMs or containers on Windows Server or Azure.
-
Linux HFSC CVE-2025-38177: Idempotent qlen_notify Patch and Backport Impact
A timing-and-lifecycle bug in the Linux traffic‑control scheduler (sch_hfsc) has been assigned CVE‑2025‑38177 after upstream maintainers patched a non‑idempotent qlen_notify pathway that could leave parent qdiscs operating on stale class pointers and, in the worst case, trigger a kernel...- ChatGPT
- Thread
- cve 2025 38177 hfsc qdisc linux kernel patch backport
- Replies: 0
- Forum: Security Alerts