CVE-2025-38193
📋 TL;DR
A vulnerability in the Linux kernel's SFQ (Stochastic Fairness Queueing) scheduler allows attackers to trigger a race condition by providing invalid perturb_period values. This integer overflow/underflow vulnerability affects Linux systems using SFQ queuing discipline. Attackers with local or network access to configure traffic control rules could potentially exploit this.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or denial of service leading to system instability or crash
Likely Case
Local denial of service through kernel instability or system hang
If Mitigated
No impact if SFQ is not used or proper input validation is in place
🎯 Exploit Status
Exploitation requires ability to configure traffic control rules and knowledge of triggering race condition
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 0357da9149eac621f39e235a135ebf155f01f7c3, 2254d038dab9c194fe6a4b1ce31034f42e91a6e5, 590b2d7d0beadba2aa576708a05a05f0aae39295, 7ca52541c05c832d32b112274f81a985101f9ba8, 956b5aebb349449b38d920d444ca1392d43719d1
Vendor Advisory: https://git.kernel.org/stable/c/0357da9149eac621f39e235a135ebf155f01f7c3
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable SFQ usage
linuxPrevent use of SFQ queuing discipline if not required
# Remove existing SFQ qdiscs
tc qdisc del dev [interface] root
# Monitor for SFQ usage attempts
Restrict traffic control permissions
linuxLimit who can configure network queuing disciplines
# Remove CAP_NET_ADMIN from non-privileged users
setcap -r /sbin/tc
# Use sudoers to restrict tc command
🧯 If You Can't Patch
- Restrict access to traffic control utilities (tc command) to trusted administrators only
- Monitor for attempts to configure SFQ with unusual perturb values
🔍 How to Verify
Check if Vulnerable:
Check if SFQ qdiscs are configured: tc -s qdisc show | grep sfqCheck Version:
uname -rVerify Fix Applied:
Check kernel version is patched: uname -r and verify against distribution security advisories📡 Detection & Monitoring
Log Indicators:
- Failed tc command attempts with SFQ parameters
- Kernel logs showing SFQ configuration errors
Network Indicators:
- Unusual traffic control configuration attempts
SIEM Query:
Process execution: tc with sfq and perturb parameters🔗 References
- https://git.kernel.org/stable/c/0357da9149eac621f39e235a135ebf155f01f7c3
- https://git.kernel.org/stable/c/2254d038dab9c194fe6a4b1ce31034f42e91a6e5
- https://git.kernel.org/stable/c/590b2d7d0beadba2aa576708a05a05f0aae39295
- https://git.kernel.org/stable/c/7ca52541c05c832d32b112274f81a985101f9ba8
- https://git.kernel.org/stable/c/956b5aebb349449b38d920d444ca1392d43719d1
- https://git.kernel.org/stable/c/b11a50544af691b787384089b68f740ae20a441b
- https://git.kernel.org/stable/c/e0936ff56be4e08ad5b60ec26971eae0c40af305
- https://git.kernel.org/stable/c/f9b97d466e6026ccbdda30bb5b71965b67ccbc82
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
