{"id":"CVE-2025-38193","summary":"net_sched: sch_sfq: reject invalid perturb period","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: reject invalid perturb period\n\nGerrard Tai reported that SFQ perturb_period has no range check yet,\nand this can be used to trigger a race condition fixed in a separate patch.\n\nWe want to make sure ctl-\u003eperturb_period * HZ will not overflow\nand is positive.\n\n\ntc qd add dev lo root sfq perturb -10   # negative value : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 1000000000 # too big : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 2000000 # acceptable value\ntc -s -d qd sh dev lo\nqdisc sfq 8005: root refcnt 2 limit 127p quantum 64Kb depth 127 flows 128 divisor 1024 perturb 2000000sec\n Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0","modified":"2026-05-15T11:54:36.248040710Z","published":"2025-07-04T13:37:17.285Z","related":["SUSE-SU-2025:02846-1","SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38193.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0357da9149eac621f39e235a135ebf155f01f7c3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2254d038dab9c194fe6a4b1ce31034f42e91a6e5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/590b2d7d0beadba2aa576708a05a05f0aae39295"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7ca52541c05c832d32b112274f81a985101f9ba8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/956b5aebb349449b38d920d444ca1392d43719d1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b11a50544af691b787384089b68f740ae20a441b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e0936ff56be4e08ad5b60ec26971eae0c40af305"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f9b97d466e6026ccbdda30bb5b71965b67ccbc82"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38193.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38193"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.12"},{"fixed":"5.4.297"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.240"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.186"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.142"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.95"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.35"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.15.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38193.json"}}],"schema_version":"1.7.5"}