CVE-2025-38568 in Linuxthông tin

Tóm tắt

Bởi MITRE • 19/08/2025

In the Linux kernel, the following vulnerability has been resolved:

net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing

TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds stack write in the fp[] array, which only has room for 16 elements (0–15).

Fix this by changing the policy to allow only up to TC_QOPT_MAX_QUEUE - 1.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

chịu trách nhiệm

Linux

Đặt trước

16/04/2025

Tiết lộ

19/08/2025

Kiểm duyệt

được chấp nhận

EPSS

0.00154

KEV

không

Các hoạt động

rất thấp

Nguồn

Do you know our Splunk app?

Download it now for free!