CVE-2025-39766

7.8 HIGH

📋 TL;DR

A Linux kernel vulnerability in the CAKE (Common Applications Kept Enhanced) queuing discipline causes incorrect congestion notification when packets are dropped due to low buffer limits. This can trigger kernel warnings and potentially lead to denial of service conditions. Systems using HTB (Hierarchical Token Bucket) with CAKE qdiscs are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but references indicate stable kernel commits from 2024-2025.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems with specific network configuration: HTB qdisc with CAKE child qdisc and extremely low memlimit settings.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic or system crash due to triggered warnings and improper queue handling, causing complete denial of service.

🟠 Likely Case: Kernel warnings in system logs and potential packet loss or network performance degradation in affected traffic classes.

🟢 If Mitigated: Minor performance impact with proper buffer configuration and updated kernel versions.

🌐 Internet-Facing: LOW - Requires specific network configuration and local traffic to trigger.
🏢 Internal Only: MEDIUM - Internal systems with custom traffic shaping configurations using HTB+CAKE could be affected.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires local access and specific network configuration commands. The provided ping command demonstrates the trigger condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the following commits:
  • 0dacfc5372e314d1219f03e64dde3ab495a5a25e
  • 15de71d06a400f7fdc15bf377a2552b0ec437cf5
  • 62d591dde4defb1333d202410609c4ddeae060b3
  • 710866fc0a64eafcb8bacd91bcb1329eb7e5035f
  • 7689ab22de36f8db19095f6bdf11f28cfde92f5c

Vendor Advisory: https://git.kernel.org/stable/c/0dacfc5372e314d1219f03e64dde3ab495a5a25e

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify that the running kernel version matches the patched release.

🔧 Temporary Workarounds

Avoid low memlimit configurations

Configure the CAKE qdisc with a reasonable memlimit value so that the buffer_limit condition is not hit:

tc qdisc add dev <interface> parent <parent> cake memlimit <reasonable_value>

Remove vulnerable configuration

Temporarily remove or modify the HTB+CAKE traffic shaping configuration. Note that deleting the root qdisc removes all shaping on that interface, not just the CAKE child:

tc qdisc del dev <interface> root

🧯 If You Can't Patch

  • Avoid using CAKE qdisc with extremely low memlimit settings in HTB configurations.
  • Monitor system logs for kernel warnings related to htb_activate or queue handling.

🔍 How to Verify

Check if Vulnerable:

Check if system has HTB+CAKE configuration with low memlimit: tc qdisc show | grep -A2 -B2 'cake'
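The grep above only finds lines mentioning cake. The following Python, added here and not part of the advisory or of iproute2, parses `tc qdisc show` output and flags CAKE qdiscs that sit under an HTB qdisc on the same device with a memlimit below a threshold. The sample output and the 64 KiB floor are constructed assumptions, since the page does not quantify "extremely low".

```python
import re

# Constructed sample of `tc qdisc show` output (not captured from a real host).
# eth0: HTB root with two CAKE children, one with a tiny memlimit; eth1: unrelated.
SAMPLE_TC_OUTPUT = """\
qdisc htb 1: dev eth0 root refcnt 2 r2q 10 default 0x10 direct_packets_stat 0 direct_qlen 1000
qdisc cake 8001: dev eth0 parent 1:10 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0 memlimit 1Kb
qdisc cake 8002: dev eth0 parent 1:20 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0 memlimit 32Mb
qdisc fq_codel 0: dev eth1 root refcnt 2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
"""

# Assumption: the page does not say what "extremely low" means; tune this floor for your site.
THRESHOLD_BYTES = 64 * 1024

# tc prints sizes as a bare 'b' (bytes) or Kb/Mb/Gb meaning 1024-multiples of bytes.
_SIZE_UNITS = {"b": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}

# Matches the fixed prefix of every qdisc line: kind, handle major, device, root/parent.
_QDISC_RE = re.compile(r"qdisc (\S+) ([0-9a-f]+): dev (\S+) (?:root|parent (\S+))")


def parse_tc_size(text):
    """Convert a tc size string such as '1Kb' or '32Mb' into bytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([KMG]?b)", text)
    if not m:
        raise ValueError(f"unrecognised tc size: {text!r}")
    return int(float(m.group(1)) * _SIZE_UNITS[m.group(2).lower()])


def find_low_memlimit_cake(tc_output, threshold_bytes=THRESHOLD_BYTES):
    """Return (dev, handle, parent, memlimit_bytes) for each CAKE qdisc that hangs
    under an HTB qdisc on the same device and whose memlimit is below the threshold.
    CAKE lines with no explicit memlimit run with the kernel default and are skipped."""
    htb_majors = set()  # (dev, handle major) of every HTB qdisc seen
    cakes = []
    for line in tc_output.splitlines():
        m = _QDISC_RE.match(line)
        if not m:
            continue
        kind, major, dev, parent = m.groups()
        if kind == "htb":
            htb_majors.add((dev, major))
        elif kind == "cake" and parent is not None:
            ml = re.search(r"\bmemlimit (\S+)", line)
            if ml:
                cakes.append((dev, major + ":", parent, parse_tc_size(ml.group(1))))
    # A child's classid "1:10" belongs to the HTB qdisc whose handle is "1:".
    return [c for c in cakes
            if (c[0], c[2].split(":")[0]) in htb_majors and c[3] < threshold_bytes]
```

Feed it the real output of `tc qdisc show` (for example via subprocess) to audit a live host; each returned tuple is one HTB+CAKE pairing whose memlimit falls under the floor you chose.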

Check Version:

uname -r

Verify Fix Applied:

Run uname -r and confirm against your distribution's patch notes that the running kernel includes the patched commits.

📡 Detection & Monitoring

Log Indicators:

  • Kernel warnings containing 'htb_activate' or 'WARNING' related to qdisc queue handling
  • System log entries about packet drops in CAKE qdisc

Network Indicators:

  • Unexpected packet loss in traffic shaped by HTB+CAKE
  • Network performance degradation in specific traffic classes

SIEM Query:

source="kernel" AND ("htb_activate" OR ("WARNING" AND "qdisc"))
