CVE-2025-38553 – A Linux kernel vulnerability in the netem netwo... (How to Fix)

Q: What is the severity of CVE-2025-38553?

CVE-2025-38553 has a CVSS score of 5.5 (MEDIUM). A Linux kernel vulnerability in the netem network emulation qdisc allows a denial-of-service condition when duplicating netems exist in the same qdisc tree. This can cause soft lockups and OOM loops in netem_dequeue, potentially crashing affected systems. Systems using Linux kernel with netem qdisc configured are affected.

📋 TL;DR

A Linux kernel vulnerability in the netem network emulation qdisc allows a denial-of-service condition when duplicating netems exist in the same qdisc tree. This can cause soft lockups and OOM loops in netem_dequeue, potentially crashing affected systems. Systems using Linux kernel with netem qdisc configured are affected.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not specified in CVE, but patches available for stable branches

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when netem qdisc is configured with duplication enabled and multiple netems in same tree

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System becomes unresponsive due to soft lockup and OOM loop, requiring reboot to recover

🟠

Likely Case

Network performance degradation or service disruption on affected interfaces

🟢

If Mitigated

Minimal impact if netem is not used or properly configured

🌐 Internet-Facing: LOW - Requires specific netem configuration and local access

🏢 Internal Only: MEDIUM - Could affect internal network devices or servers using netem

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to configure network qdiscs, typically root/admin access

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel branches (commits provided in references)

Vendor Advisory: https://git.kernel.org/stable/c/09317dfb681ac5a96fc69bea0c54441cf91b8270

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version 2. Reboot system 3. Verify patch applied with version check

🔧 Temporary Workarounds

Disable netem duplication

all

Remove or disable netem qdisc configurations that use packet duplication

tc qdisc del dev <interface> root netem duplicate <percentage>
tc qdisc show

Avoid multiple netems in same tree

all

Ensure only one netem qdisc exists in any qdisc tree hierarchy

tc qdisc show
Review and simplify qdisc configurations

🧯 If You Can't Patch

Monitor system logs for soft lockup or OOM warnings related to netem
Implement network segmentation to limit exposure of affected systems

🔍 How to Verify

Check if Vulnerable:

Check if netem qdisc is configured with duplication: tc qdisc show | grep -i netem

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes patched commits or verify netem configurations are safe

📡 Detection & Monitoring

Log Indicators:

Kernel soft lockup messages
OOM killer activity
netem-related kernel warnings

Network Indicators:

Unusual packet duplication rates
Network interface performance degradation

SIEM Query:

kernel: "soft lockup" OR "netem" OR "qdisc" AND ("duplicate" OR "OOM")

📊 Metadata

CVE ID: CVE-2025-38553

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-667

EPSS Score: 0.01% exploit probability (1.2th percentile)

Published: August 19, 2025

Last Updated: January 8, 2026

🔗 References

https://git.kernel.org/stable/c/09317dfb681ac5a96fc69bea0c54441cf91b8270 Patch
https://git.kernel.org/stable/c/103c4e27ec9f5fe53022e46e976abf52c7221baf Patch
https://git.kernel.org/stable/c/250f8796006c0f2bc638ce545f601d49ae8d528b Patch
https://git.kernel.org/stable/c/325f5ec67cc0a77f2d0d453445b9857f1cd06c76 Patch
https://git.kernel.org/stable/c/795cb393e38977aa991e70a9363da0ee734b2114 Patch
https://git.kernel.org/stable/c/ad340a4b4adb855b18b3666f26ad65c8968e2deb Patch
https://git.kernel.org/stable/c/cab2809944989889f88a1a8b5cff1c78460c72cb Patch
https://git.kernel.org/stable/c/ec8e0e3d7adef940cdf9475e2352c0680189d14e Patch
https://git.kernel.org/stable/c/f088b6ebe8797a3f948d2cae47f34bfb45cc6522 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory,Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory,Mailing List

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38553, you might also want to check these: