SB20250422109 - Improper locking in Linux kernel sched

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2025-38637)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the skbprio_enqueue() and skbprio_dequeue() functions in net/sched/sch_skbprio.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/034b293bf17c124fec0f0e663f81203b00aa7a50
• https://git.kernel.org/stable/c/1284733bab736e598341f1d3f3b94e2a322864a8
• https://git.kernel.org/stable/c/1dcc144c322a8d526b791135604c0663f1af9d85
• https://git.kernel.org/stable/c/2286770b07cb5268c03d11274b8efd43dff0d380
• https://git.kernel.org/stable/c/2f35b7673a3aa3d09b3eb05811669622ebaa98ca
• https://git.kernel.org/stable/c/32ee79682315e6d3c99947b3f38b078a09a66919
• https://git.kernel.org/stable/c/7abc8318ce0712182bf0783dcfdd9a6a8331160e
• https://git.kernel.org/stable/c/864ca690ff135078d374bd565b9872f161c614bc
• https://git.kernel.org/stable/c/ce8fe975fd99b49c29c42e50f2441ba53112b2e8
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.236
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.180
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.292
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.134
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.23
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.87