CVE-2025-38083 — Race Condition in Linux

CWE-362 — Race Condition CWE-366 — Race Condition within a Thread57 documents9 sources

Severity

4.7MEDIUMNVD

OSV7.8OSV5.5

EPSS

0.1%

top 74.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedJun 20

Latest updateFeb 27

Description

In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tre…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel5.0 — 5.4.295+7

▶Debianlinux/linux_kernel< 5.10.244-1+3

▶Ubuntulinux/linux_kernel< 5.15.0-151.161+2

▶CVEListV5linux/linux7b8e0b6e659983154c8d7e756cdb833d89a3d4d7 — 53d11560e957d53ee87a0653d258038ce12361b7+8

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-azure-fips vulnerabilities↗2025-10-21

▶

OSV

linux-oracle-5.4 vulnerabilities↗2025-10-21

▶

OSV

linux-azure, linux-azure-5.4 vulnerabilities↗2025-10-13

▶

OSV

linux-azure, linux-azure-6.8, linux-azure-nvidia vulnerabilities↗2025-09-03

▶

OSV

linux-azure-5.15 vulnerabilities↗2025-09-02

▶

📋Vendor Advisories

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2025-38083↗2026-02-27

▶

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2025-10-21

▶

Ubuntu

Linux kernel (Oracle) vulnerabilities↗2025-10-21

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-10-13

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-09-03

▶