CVE-2025-38637
📋 TL;DR
A Linux kernel vulnerability in the SKBPRIO queue discipline (qdisc) causes assertion failures when used as a child qdisc under TBF (Token Bucket Filter) with specific parameters. This can lead to kernel panics or system crashes, affecting Linux systems using these specific network queueing configurations.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially disrupting network services and requiring system reboot.
Likely Case
System instability or crashes when specific network configurations are used, causing temporary service disruption.
If Mitigated
Minimal impact if vulnerable configurations are not in use or systems are patched.
🎯 Exploit Status
Exploitation requires specific network configuration and conditions to trigger the assertion failure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 034b293bf17c124fec0f0e663f81203b00aa7a50, 1284733bab736e598341f1d3f3b94e2a322864a8, 1dcc144c322a8d526b791135604c0663f1af9d85, 2286770b07cb5268c03d11274b8efd43dff0d380, 2f35b7673a3aa3d09b3eb05811669622ebaa98ca
Vendor Advisory: https://git.kernel.org/stable/c/034b293bf17c124fec0f0e663f81203b00aa7a50
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version.
2. Check distribution-specific security advisories.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Avoid vulnerable qdisc configuration
Do not configure SKBPRIO as a child qdisc under TBF with parameters that cause peek operations.
# Check current qdisc configuration
tc qdisc show
# Modify configuration if using SKBPRIO under TBF
🧯 If You Can't Patch
- Avoid using SKBPRIO as child qdisc under TBF in network configurations
- Monitor systems for kernel panic logs and have recovery procedures ready
🔍 How to Verify
Check if Vulnerable:
Check the kernel version with 'uname -r' and inspect the active queue disciplines with 'tc qdisc show' to see whether SKBPRIO is attached as a child qdisc under TBF.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits and test network configuration stability
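The workaround and verification steps above both come down to the same question: is an SKBPRIO qdisc attached underneath a TBF qdisc on any interface? The following script is an added example, not part of this advisory or of the kernel project. It parses the text that `tc qdisc show` prints and reports every SKBPRIO qdisc whose parent handle belongs to a TBF qdisc on the same device. The embedded sample output is constructed for the example; the field layout (`qdisc <kind> <handle>: dev <ifname> parent <handle> ...`) is what `tc` prints, and the rate and limit values are illustrative.

```shell
#!/bin/sh
# Added example: flag SKBPRIO qdiscs attached as children of a TBF qdisc.
#
# Constructed sample of `tc qdisc show` output (not captured from a real host).
# eth0 has the vulnerable layout (skbprio under tbf), eth1 has a pfifo child
# under tbf, and eth2 runs skbprio as the root qdisc with no TBF parent.
SAMPLE_TC_OUTPUT='qdisc noqueue 0: dev lo root refcnt 2
qdisc tbf 1: dev eth0 root refcnt 2 rate 1Mbit burst 10Kb lat 70ms
qdisc skbprio 10: dev eth0 parent 1:1 limit 64
qdisc tbf 1: dev eth1 root refcnt 2 rate 1Mbit burst 10Kb lat 70ms
qdisc pfifo 10: dev eth1 parent 1:1 limit 1000p
qdisc skbprio 2: dev eth2 root refcnt 2 limit 64'

# Reads `tc qdisc show` text on stdin and prints one line per finding:
#   <dev> <skbprio handle> <parent handle>
# A parent "1:1" is the class of the qdisc with handle "1:", so the match is
# on the major number (the part before the colon) of the parent handle.
# All lines are buffered and examined in END so the result does not depend on
# tc listing a parent qdisc before its children.
find_skbprio_under_tbf() {
    awk '
    { lines[NR] = $0 }
    # Record every TBF qdisc, keyed by "<dev>:<major>".
    $1 == "qdisc" && $2 == "tbf" {
        split($3, h, ":")
        tbf[$5 ":" h[1]] = 1
    }
    END {
        for (i = 1; i <= NR; i++) {
            n = split(lines[i], f, " ")
            if (f[1] != "qdisc" || f[2] != "skbprio") continue
            dev = f[5]
            parent = ""
            for (j = 6; j < n; j++) if (f[j] == "parent") parent = f[j + 1]
            if (parent == "") continue      # root qdisc, no TBF above it
            split(parent, p, ":")
            if ((dev ":" p[1]) in tbf) print dev, f[3], parent
        }
    }'
}

# Returns 0 (shell true) when the given `tc qdisc show` text contains the
# vulnerable layout, 1 otherwise; handy as a one-line pre-patch check.
has_vulnerable_layout() {
    [ -n "$(printf '%s\n' "$1" | find_skbprio_under_tbf)" ]
}

# Demonstration on the constructed sample; on a live host run:
#   tc qdisc show | find_skbprio_under_tbf
printf '%s\n' "$SAMPLE_TC_OUTPUT" | find_skbprio_under_tbf
```

An empty result means no interface has SKBPRIO under TBF, so the only remaining action is to confirm the running kernel contains the fix commits; a non-empty result names the interface and handles to reconfigure until the kernel is updated.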
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- System crash reports
- Network subsystem assertion failures
Network Indicators:
- Network service disruptions when specific qdisc configurations are active
SIEM Query:
Search for kernel panic events or assertion failures in system logs
🔗 References
- https://git.kernel.org/stable/c/034b293bf17c124fec0f0e663f81203b00aa7a50
- https://git.kernel.org/stable/c/1284733bab736e598341f1d3f3b94e2a322864a8
- https://git.kernel.org/stable/c/1dcc144c322a8d526b791135604c0663f1af9d85
- https://git.kernel.org/stable/c/2286770b07cb5268c03d11274b8efd43dff0d380
- https://git.kernel.org/stable/c/2f35b7673a3aa3d09b3eb05811669622ebaa98ca
- https://git.kernel.org/stable/c/32ee79682315e6d3c99947b3f38b078a09a66919
- https://git.kernel.org/stable/c/7abc8318ce0712182bf0783dcfdd9a6a8331160e
- https://git.kernel.org/stable/c/864ca690ff135078d374bd565b9872f161c614bc
- https://git.kernel.org/stable/c/ce8fe975fd99b49c29c42e50f2441ba53112b2e8
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html