{"id":"CVE-2025-21971","summary":"net_sched: Prevent creation of classes with TC_H_ROOT","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.","modified":"2026-05-18T05:56:14.982122337Z","published":"2025-04-01T15:47:04.448Z","related":["SUSE-SU-2025:01614-1","SUSE-SU-2025:01707-1","SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:02334-1","SUSE-SU-2025:02844-1","SUSE-SU-2025:02844-2","SUSE-SU-2025:02849-1","SUSE-SU-2025:02851-1","SUSE-SU-2025:02852-1","SUSE-SU-2025:03310-1","SUSE-SU-2025:03344-1","SUSE-SU-2025:03384-1","SUSE-SU-2025:03636-1","SUSE-SU-2025:03638-1","SUSE-SU-2025:03652-1","SUSE-SU-2025:03653-1","SUSE-SU-2025:03656-1","SUSE-SU-2025:03663-1","SUSE-SU-2025:03664-1","SUSE-SU-2025:03666-1","SUSE-SU-2025:03671-1","SUSE-SU-2025:03672-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20206-1","SUSE-SU-2025:20270-1","SUSE-SU-2025:20283-1","SUSE-SU-2025:20873-1","SUSE-SU-2025:20874-1","SUSE-SU-2025:20881-1","SUSE-SU-2025:20884-1","SUSE-SU-2025:20885-1","SUSE-SU-2025:20886-1","SUSE-SU-2025:20890-1","SUSE-SU-2025:20891-1","SUSE-SU-2025:20903-1","SUSE-SU-2025:20907-1","SUSE-SU-2025:20909-1","SUSE-SU-2025:20912-1","SUSE-SU-2025:20913-1","SUSE-SU-2025:20920-1","SUSE-SU-2025:3675-1","SUSE-SU-2025:3679-1","SUSE-SU-2025:3683-1","SUSE-SU-2025:3704-1","SUSE-SU-2025:3705-1","SUSE-SU-2025:3712-1","SUSE-SU-2025:3717-1","SUSE-SU-2025:3721-1","SUSE-SU-2025:3731-1","SUSE-SU-2025:3733-1","SUSE-SU-2025:3734-1","SUSE-SU-2025:3736-1","SUSE-SU-2025:3740-1","SUSE-SU-2025:3742-1","SUSE-SU-2025:3748-1","SUSE-SU-2025:3765-1","SUSE-SU-2025:3768-1","SUSE-SU-2025:4123-1","USN-7521-2"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21971.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/003d92c91cdb5a64b25a9a74cb8543aac9a8bb48"},{"type":"WEB","url":"https://git.kernel.org/stable/c/0c3057a5a04d07120b3d0ec9c79568fceb9c921e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5c3ca9cb48b51bd72bf76b8b05e24f3cd53db5e7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/78533c4a29ac3aeddce4b481770beaaa4f3bfb67"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7a82fe67a9f4d7123d8e5ba8f0f0806c28695006"},{"type":"WEB","url":"https://git.kernel.org/stable/c/94edfdfb9505ab608e86599d1d1e38c83816fc1c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e05d9938b1b0ac40b6054cc5fa0ccbd9afd5ed4c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e5ee00607bbfc97ef1526ea95b6b2458ac9e7cb7"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21971.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21971"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"066a3b5b2346febf9a655b444567b7138e3bb939"},{"fixed":"e05d9938b1b0ac40b6054cc5fa0ccbd9afd5ed4c"},{"fixed":"7a82fe67a9f4d7123d8e5ba8f0f0806c28695006"},{"fixed":"003d92c91cdb5a64b25a9a74cb8543aac9a8bb48"},{"fixed":"e5ee00607bbfc97ef1526ea95b6b2458ac9e7cb7"},{"fixed":"78533c4a29ac3aeddce4b481770beaaa4f3bfb67"},{"fixed":"5c3ca9cb48b51bd72bf76b8b05e24f3cd53db5e7"},{"fixed":"94edfdfb9505ab608e86599d1d1e38c83816fc1c"},{"fixed":"0c3057a5a04d07120b3d0ec9c79568fceb9c921e"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21971.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.25"},{"fixed":"5.4.292"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.236"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.180"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.132"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.84"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.20"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.13.8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21971.json"}}],"schema_version":"1.7.5"}