CVE-2025-37992

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's network scheduler (net_sched) occurs when reducing a qdisc's limit via the ->change() operation. This happens because only the main skb queue is trimmed, leaving packets in the gso_skb list, which can cause kernel crashes or denial of service. Systems running affected Linux kernel versions with specific qdisc configurations are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE; check kernel commits for exact ranges (typically versions before patches were applied).
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires use of specific qdiscs (codel, fq, fq_codel, fq_pie, hhf, pie) and modification of qdisc limits via ->change() operation; default configurations may not be vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially requiring physical or remote reboot.

🟠

Likely Case

Local denial of service through kernel crash when qdisc limits are modified, disrupting network functionality.

🟢

If Mitigated

Minimal impact with proper kernel patches applied; unprivileged users cannot trigger without specific qdisc configuration access.

🌐 Internet-Facing: LOW - Requires local access or specific network configuration changes; not directly exploitable from remote.
🏢 Internal Only: MEDIUM - Local users with CAP_NET_ADMIN or root privileges can trigger the vulnerability, causing system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM - Requires local access and ability to modify qdisc settings, typically needing CAP_NET_ADMIN or root privileges.

Exploitation involves triggering the ->change() operation on vulnerable qdiscs; no known public exploits as of this analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions including commits: 2d3cbfd6d54a2c39ce3244f33f85c595844bd7b8, a7d6e0ac0a8861f6b1027488062251a8e28150fd, d1365ca80b012d8a7863e45949e413fb61fa4861, d3336f746f196c6a53e0480923ae93939f047b6c, d38939ebe0d992d581acb6885c1723fa83c1fb2c

Vendor Advisory: https://git.kernel.org/stable/c/2d3cbfd6d54a2c39ce3244f33f85c595844bd7b8

Restart Required: Yes

Instructions:

1. Identify the current kernel version.
2. Update to a patched kernel version from your Linux distribution's repository.
3. Reboot the system to load the new kernel.
4. Verify the patch is applied by checking the kernel version or the commit hashes.

🔧 Temporary Workarounds

Avoid qdisc limit modifications

Prevent changes to qdisc limits for vulnerable qdiscs (codel, fq, fq_codel, fq_pie, hhf, pie) to avoid triggering the vulnerability.

# Use tools like 'tc' to monitor qdisc settings, and avoid modifying qdisc limits
# Example: check the current qdisc settings
tc qdisc show

🧯 If You Can't Patch

  • Restrict access to network configuration tools (e.g., 'tc') to trusted users only, limiting CAP_NET_ADMIN capabilities.
  • Monitor system logs for kernel panic or NULL pointer dereference events related to net_sched operations.

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched commits; if using an affected version and vulnerable qdiscs, assume vulnerability.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the patch commits or is from a distribution that has backported the fixes.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg output
  • NULL pointer dereference errors related to net_sched or qdisc operations

Network Indicators:

  • Unusual network disruption or qdisc configuration changes

SIEM Query:

Example: 'kernel: NULL pointer dereference' AND ('net_sched' OR 'qdisc') in system logs
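The log indicators and SIEM query above match single lines, but in a real oops the "NULL pointer dereference" line and the net_sched/qdisc call-trace lines are separate. The following Python is an added example (not part of this advisory) that correlates them across a short window; the sample log lines, function offsets and the 10-line window are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample of what a kernel oops looks like in dmesg / kern.log.
# Lines, addresses and offsets are made up for this example; they are not
# taken from a real crash report for CVE-2025-37992.
SAMPLE_LOG = """\
[  120.001] tc: qdisc limit change requested
[  120.412] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  120.415] Call Trace:
[  120.417]  codel_change+0x1a2/0x2c0 [sch_codel]
[  120.418]  qdisc_change+0x9b/0x1f0
[  120.419]  tc_modify_qdisc+0x3e1/0x7a0
[  300.000] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  300.001] Call Trace:
[  300.002]  unrelated_driver_irq+0x10/0x20
"""

BUG_RE = re.compile(r"NULL pointer dereference", re.IGNORECASE)
NET_SCHED_RE = re.compile(r"net_sched|qdisc", re.IGNORECASE)


@dataclass
class OopsEvent:
    bug_line: str   # the BUG: line that opened the oops
    evidence: str   # first later line tying it to net_sched/qdisc


def matches_single_line_query(line):
    """The advisory's SIEM query applied to one line: 'NULL pointer
    dereference' AND ('net_sched' OR 'qdisc'). The terms usually sit on
    different lines of an oops, so a per-line match finds nothing."""
    return bool(BUG_RE.search(line) and NET_SCHED_RE.search(line))


def find_net_sched_oops(lines, window=10):
    """Correlate each BUG line with net_sched/qdisc evidence among the next
    `window` lines (the call trace). Returns one OopsEvent per correlated
    oops; NULL dereferences elsewhere in the kernel are not reported."""
    events, pending = [], None          # pending = (bug_line, lines_left)
    for line in lines:
        if BUG_RE.search(line):
            pending = (line.strip(), window)
        elif pending is not None:
            bug_line, left = pending
            if NET_SCHED_RE.search(line):
                events.append(OopsEvent(bug_line, line.strip()))
                pending = None
            else:
                pending = (bug_line, left - 1) if left > 1 else None
    return events
```

Feed `find_net_sched_oops(...)` the output of `dmesg` or the contents of /var/log/kern.log split into lines; only the oops whose trace mentions net_sched/qdisc is reported.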
