{"id":"CVE-2025-38083","summary":"net_sched: prio: fix a race in prio_tune()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: prio: fix a race in prio_tune()\n\nGerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0                                 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n |                                    [5]: lock root\n |                                    [6]: rehash\n |                                    [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent's qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.","modified":"2026-04-16T00:02:23.431845705Z","published":"2025-06-20T11:21:51.554Z","related":["SUSE-SU-2025:02249-1","SUSE-SU-2025:02254-1","SUSE-SU-2025:02264-1","SUSE-SU-2025:02307-1","SUSE-SU-2025:02308-1","SUSE-SU-2025:02320-1","SUSE-SU-2025:02321-1","SUSE-SU-2025:02322-1","SUSE-SU-2025:02333-1","SUSE-SU-2025:02334-1","SUSE-SU-2025:02335-1","SUSE-SU-2025:02537-1","SUSE-SU-2025:02538-1","SUSE-SU-2025:02820-1","SUSE-SU-2025:02821-1","SUSE-SU-2025:02827-1","SUSE-SU-2025:02830-1","SUSE-SU-2025:02832-1","SUSE-SU-2025:02833-1","SUSE-SU-2025:02834-1","SUSE-SU-2025:02854-1","SUSE-SU-2025:02857-1","SUSE-SU-2025:02858-1","SUSE-SU-2025:02859-1","SUSE-SU-2025:02860-1","SUSE-SU-2025:02871-1","SUSE-SU-2025:02873-1","SUSE-SU-2025:02875-1","SUSE-SU-2025:02876-1","SUSE-SU-2025:02894-1","SUSE-SU-2025:02897-1","SUSE-SU-2025:02902-1","SUSE-SU-2025:02908-1","SUSE-SU-2025:02909-1","SUSE-SU-2025:02911-1","SUSE-SU-2025:02917-1","SUSE-SU-2025:02918-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02926-1","SUSE-SU-2025:02930-1","SUSE-SU-2025:02932-1","SUSE-SU-2025:02934-1","SUSE-SU-2025:02937-1","SUSE-SU-2025:02938-1","SUSE-SU-2025:02942-1","SUSE-SU-2025:02943-1","SUSE-SU-2025:02945-1","SUSE-SU-2025:02955-1","SUSE-SU-2025:20475-1","SUSE-SU-2025:20483-1","SUSE-SU-2025:20493-1","SUSE-SU-2025:20498-1","SUSE-SU-2025:20633-1","SUSE-SU-2025:20634-1","SUSE-SU-2025:20635-1","SUSE-SU-2025:20636-1","SUSE-SU-2025:20637-1","SUSE-SU-2025:20638-1","SUSE-SU-2025:20639-1","SUSE-SU-2025:20640-1","SUSE-SU-2025:20641-1","SUSE-SU-2025:20642-1","SUSE-SU-2025:20643-1","SUSE-SU-2025:20644-1","SUSE-SU-2025:20645-1","SUSE-SU-2025:20646-1","SUSE-SU-2025:20647-1","SUSE-SU-2025:20648-1","SUSE-SU-2025:20676-1","SUSE-SU-2025:20677-1","SUSE-SU-2025:20678-1","SUSE-SU-2025:20679-1","SUSE-SU-2025:20680-1","SUSE-SU-2025:20681-1","SUSE-SU-2025:20682-1","SUSE-SU-2025:20684-1","SUSE-SU-2025:20685-1","SUSE-SU-2025:20686-1","SUSE-SU-2025:20687-1","SUSE-SU-2025:20688-1","SUSE-SU-2025:20689-1","SUSE-SU-2025:20690-1","SUSE-SU-2025:4123-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38083.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/20f68e6a9e41693cb0e55e5b9ebbcb40983a4b8f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3aaa7c01cf19d9b9bb64b88b65c3a6fd05da2eb4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4483d8b9127591c60c4eb789d6cab953bc4522a9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/46c15c9d0f65c9ba857d63f53264f4b17e8a715f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/53d11560e957d53ee87a0653d258038ce12361b7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/93f9eeb678d4c9c1abf720b3615fa8299a490845"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d35acc1be3480505b5931f17e4ea9b7617fea4d3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e3f6745006dc9423d2b065b90f191cfa11b1b584"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38083.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38083"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7b8e0b6e659983154c8d7e756cdb833d89a3d4d7"},{"fixed":"53d11560e957d53ee87a0653d258038ce12361b7"},{"fixed":"4483d8b9127591c60c4eb789d6cab953bc4522a9"},{"fixed":"20f68e6a9e41693cb0e55e5b9ebbcb40983a4b8f"},{"fixed":"3aaa7c01cf19d9b9bb64b88b65c3a6fd05da2eb4"},{"fixed":"46c15c9d0f65c9ba857d63f53264f4b17e8a715f"},{"fixed":"e3f6745006dc9423d2b065b90f191cfa11b1b584"},{"fixed":"93f9eeb678d4c9c1abf720b3615fa8299a490845"},{"fixed":"d35acc1be3480505b5931f17e4ea9b7617fea4d3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38083.json"}}],"schema_version":"1.7.5"}