CVE-2025-38193 — Integer Overflow or Wraparound in Linux
Severity: NVD 5.5 (MEDIUM); OSV 5.6 / 3.2
EPSS: 0.0% (top 94.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 4
Latest update: Mar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
net_sched: sch_sfq: reject invalid perturb period
Gerrard Tai reported that SFQ perturb_period has no range check yet,
and this can be used to trigger a race condition fixed in a separate patch.
We want to make sure ctl->perturb_period * HZ will not overflow
and is positive.
tc qd add dev lo root sfq perturb -10 # negative value : error
Error: sch_sfq: invalid perturb period.
tc qd add dev lo root sfq perturb 1000000000 # …
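The range check the commit message calls for, as an added C example (not the kernel's own code): it shows how perturb_period * HZ wraps in a 32-bit int and what a validator that rejects negative and overflowing periods accepts. It assumes HZ = 1000 and a signed int field; the function names are chosen for this example.

```c
/* Added example, not kernel code. Assumes HZ = 1000 and that the
 * perturb period is a signed int, as the commit message implies. */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HZ 1000

/* Exact product in 64 bits, for comparison. */
static int64_t exact_period_jiffies(int perturb_period)
{
    return (int64_t)perturb_period * HZ;
}

/* The same product truncated to 32 bits, i.e. what an unchecked
 * int multiplication would end up storing (two's-complement wrap). */
static int wrapped_period_jiffies(int perturb_period)
{
    int64_t wide = (int64_t)perturb_period * HZ;
    return (int)(uint32_t)(uint64_t)wide;
}

/* Validator in the spirit of the fix: reject negative values and any
 * value whose product with HZ would not fit in an int. */
static bool perturb_period_is_valid(int perturb_period)
{
    if (perturb_period < 0)
        return false;
    if (perturb_period > INT_MAX / HZ)
        return false;
    return true;
}

int main(void)
{
    /* Constructed sample values, including the two from the commit message. */
    int samples[] = { -10, 0, 10, INT_MAX / HZ, INT_MAX / HZ + 1, 1000000000 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int p = samples[i];
        printf("perturb %11d -> valid=%d exact=%lld wrapped=%d\n",
               p, perturb_period_is_valid(p),
               (long long)exact_period_jiffies(p), wrapped_period_jiffies(p));
    }
    return 0;
}
```

The 1000000000 case is exactly the second command in the description: its exact product is 10^12 jiffies, but the wrapped int is negative, which is why the validator has to bound the value before the multiplication happens.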
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages (4 packages)
CVEListV5: linux/linux, introduced in 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, fixed in e0936ff56be4e08ad5b60ec26971eae0c40af305 (+8 more)
Also affects: Debian Linux 11.0
Patches