CVE-2025-37752

7.8 HIGH

📋 TL;DR

CVE-2025-37752 is a Linux kernel vulnerability in the Stochastic Fairness Queueing (SFQ) network scheduler that allows array index out-of-bounds access due to improper limit validation. Attackers with local access can trigger a kernel crash (denial of service) or potentially execute arbitrary code. All Linux systems running an affected kernel version with the SFQ scheduler enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific versions not explicitly stated in CVE, but references indicate fixes in stable kernel trees. Likely affects multiple recent versions before fixes.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if SFQ scheduler is configured and used. Default configurations may not use SFQ.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to kernel-level code execution leading to full system compromise.

🟠 Likely Case: Kernel panic or system crash causing denial of service.

🟢 If Mitigated: No impact if SFQ scheduler is not used or system is patched.

🌐 Internet-Facing: LOW - Requires local access to trigger.
🏢 Internal Only: MEDIUM - Local attackers or malicious users can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and the ability to configure network scheduler parameters via the tc command.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 1348214fa042a71406964097e743c87a42c85a49 and related fixes

Vendor Advisory: https://git.kernel.org/stable/c/1348214fa042a71406964097e743c87a42c85a49

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable SFQ scheduler (Linux)

Remove or disable SFQ scheduler configurations to prevent exploitation:

  • tc qdisc del dev [interface] root sfq
  • Remove SFQ configurations from network scripts

🧯 If You Can't Patch

  • Restrict access to tc command and network configuration tools
  • Implement strict access controls to prevent local users from modifying network scheduler parameters

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the SFQ scheduler is configured: tc qdisc show | grep sfq

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated beyond vulnerable versions and test SFQ configuration with limit parameter

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • UBSAN array-index-out-of-bounds errors
  • System crash/reboot events

Network Indicators:

  • Unusual tc command usage patterns
  • Multiple SFQ configuration attempts

SIEM Query:

Search for 'UBSAN: array-index-out-of-bounds' or 'sch_sfq.c' in kernel logs
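
An added example (not part of the original advisory): shell helpers that list every SFQ qdisc with its configured limit from `tc qdisc show` output and pick out kernel-log lines matching both indicators above. The function names and the sample `tc` and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for SFQ exposure and the log indicators above.

# Print "device handle limit" for every SFQ qdisc in `tc qdisc show` output (stdin).
sfq_qdiscs() {
    awk '$1 == "qdisc" && $2 == "sfq" {
        dev = "?"; limit = "?"
        for (i = 3; i < NF; i++) {
            if ($i == "dev")   dev = $(i + 1)
            if ($i == "limit") limit = $(i + 1)
        }
        print dev, $3, limit
    }'
}

# Print kernel-log lines (stdin) that carry both indicators:
# a UBSAN array-index-out-of-bounds report that names sch_sfq.c.
sfq_ubsan_hits() {
    grep -F 'UBSAN: array-index-out-of-bounds' | grep -F 'sch_sfq.c' || true
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_TC='qdisc noqueue 0: dev lo root refcnt 2
qdisc sfq 8001: dev eth0 root refcnt 2 limit 127p quantum 1514b depth 127 divisor 1024 perturb 10sec
qdisc fq_codel 0: dev eth1 root refcnt 2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms
qdisc sfq 10: dev eth2 parent 1:10 limit 64p quantum 1514b depth 64 divisor 1024'

SAMPLE_LOG='[  101.100000] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex
[  245.300000] UBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:LINE:COL
[  245.300100] index N is out of range for type (placeholder)
[  300.000000] UBSAN: array-index-out-of-bounds in drivers/example/other.c:LINE:COL'

# On a live host, feed real data instead:
#   tc qdisc show | sfq_qdiscs
#   journalctl -k --no-pager | sfq_ubsan_hits     (or: dmesg | sfq_ubsan_hits)
printf '%s\n' "$SAMPLE_TC"  | sfq_qdiscs
printf '%s\n' "$SAMPLE_LOG" | sfq_ubsan_hits
```

An empty result from `sfq_qdiscs` means no SFQ qdisc is currently attached; it says nothing about whether the running kernel is patched.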
