CVE-2025-21971Infinite Loop in Linux

CWE-835Infinite LoopCWE-703Improper Check or Handling of Exceptional Conditions113 documents7 sources
Severity
5.5MEDIUMNVD
OSV8.8OSV7.8OSV7.1OSV6.2OSV5.9
EPSS
0.1%
top 74.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedApr 1
Latest updateNov 21

Description

In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created with classid TC_H_ROOT, the traversal terminates prematurely at this class instead of reaching the actual root qdisc, causing parent statistics to be incorrectly maintained. In case of DRR, thi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

NVDlinux/linux_kernel2.6.265.4.292+8
Debianlinux/linux_kernel< 5.10.237-1+3
Ubuntulinux/linux_kernel< 5.4.0-216.236+4
CVEListV5linux/linux066a3b5b2346febf9a655b444567b7138e3bb939e05d9938b1b0ac40b6054cc5fa0ccbd9afd5ed4c+8
debiandebian/linux< linux 6.1.133-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

55
OSV
linux-iot vulnerabilities2025-07-16
OSV
linux-xilinx-zynqmp vulnerabilities2025-06-26
OSV
linux-hwe-5.15 vulnerabilities2025-06-24
OSV
linux-aws-fips, linux-fips vulnerabilities2025-05-29
OSV
linux-oracle-6.8 vulnerabilities2025-05-29

📋Vendor Advisories

57
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2025-132232025-11-21
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2025-219712025-10-10
Ubuntu
Linux kernel (IoT) vulnerabilities2025-07-16
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2025-06-26
Ubuntu
Linux kernel (HWE) vulnerabilities2025-06-24