CVE-2025-38083 – Linux Kernel NetSched Prio Race Condition Underflow

June 20, 2025

CVE ID : CVE-2025-38083

Published : June 20, 2025, 12:15 p.m. | 2 hours, 28 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

net_sched: prio: fix a race in prio_tune()

Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer
fires at the wrong time.

The race is as follows:

This can be abused to underflow a parent’s qlen.

Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()
should fix the race, because all packets will be purged from the qdisc
before releasing the lock.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6337 – TOTOLINK A3002R/A3002RU HTTP POST Request Handler Buffer Overflow

Next Article CVE-2025-6335 – DedeCMS Template Handler Command Injection Vulnerability

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

Borderlands 4 is killing off a tired “FOMO” trend — I hope other developers follow suit

Dr. Axel’s JavaScript flashcards

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

WelsonJS – Build a Windows app on the Windows built-in JavaScript engine

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

CVE-2025-38083 – Linux Kernel NetSched Prio Race Condition Underflow

CVE-2025-49763: Apache Traffic Server Vulnerability Enables Memory Exhaustion Attacks

IBM QRadar SIEM Exposed by Trio of Security Flaws, Including Critical Command Execution Bug

Brute-force attacks target Apache Tomcat management panels

CVE-2023-44752 – Apache Student Study Center Desk Management System Authentication Bypass

CVE-2025-4844 – FreeFloat FTP Server CD Command Handler Buffer Overflow Vulnerability

Playwright Visual Testing: A Comprehensive Guide to UI Regression

Load Balancing with Azure Application Gateway and Azure Load Balancer – When to Use Each One

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

CVE-2025-31930 – Schneider Electric Modbus Remote Control Vulnerability

Building High-Performance Financial Analytics Pipelines with Polars: Lazy Evaluation, Advanced Expressions, and SQL Integration

CVE-2025-38083 – Linux Kernel NetSched Prio Race Condition Underflow

Related Posts