CVE-2025-38553
Vulnerability Scoring
Analysis In Progress
CVE-2025-38553 Vulnerability Analysis & Exploit Details
CVE-2025-38553
Attack Complexity Details
-
Attack Complexity:
Attack Complexity Analysis In Progress
-
Attack Vector:
Attack Vector Under Analysis
-
Privileges Required:
None
No authentication is required for exploitation.
-
Scope:
Impact is confined to the initially vulnerable component.
-
User Interaction:
None
No user interaction is necessary for exploitation.
CVE-2025-38553 Details
Status: Received on 19 Aug 2025, 06:15 UTC
Published on: 19 Aug 2025, 06:15 UTC
CVSS Release:
CVE-2025-38553 Vulnerability Summary
CVE-2025-38553: In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lockup and OOM loop in netem_dequeue, as seen in [1]. Ensure that a duplicating netem cannot exist in a tree with other netems. Previous approaches suggested in discussions in chronological order: 1) Track duplication status or ttl in the sk_buff struct. Considered too specific a use case to extend such a struct, though this would be a resilient fix and address other previous and potential future DOS bugs like the one described in loopy fun [2]. 2) Restrict netem_enqueue recursion depth like in act_mirred with a per cpu variable. However, netem_dequeue can call enqueue on its child, and the depth restriction could be bypassed if the child is a netem. 3) Use the same approach as in 2, but add metadata in netem_skb_cb to handle the netem_dequeue case and track a packet's involvement in duplication. This is an overly complex approach, and Jamal notes that the skb cb can be overwritten to circumvent this safeguard. 4) Prevent the addition of a netem to a qdisc tree if its ancestral path contains a netem. However, filters and actions can cause a packet to change paths when re-enqueued to the root from netem duplication, leading us to the current solution: prevent a duplicating netem from inhabiting the same tree as other netems. [1] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/ [2] https://lwn.net/Articles/719297/
Assessing the Risk of CVE-2025-38553
Access Complexity Graph
The exploitability of CVE-2025-38553 depends on two key factors: attack complexity (the level of effort required to execute an exploit) and privileges required (the access level an attacker needs).
Exploitability Analysis for CVE-2025-38553
No exploitability data is available for CVE-2025-38553.
Understanding AC and PR
A lower complexity and fewer privilege requirements make exploitation easier. Security teams should evaluate these aspects to determine the urgency of mitigation strategies, such as patch management and access control policies.
Attack Complexity (AC) measures the difficulty in executing an exploit. A high AC means that specific conditions must be met, making an attack more challenging, while a low AC means the vulnerability can be exploited with minimal effort.
Privileges Required (PR) determine the level of system access necessary for an attack. Vulnerabilities requiring no privileges are more accessible to attackers, whereas high privilege requirements limit exploitation to authorized users with elevated access.
CVSS Score Breakdown Chart
Above is the CVSS Sub-score Breakdown for CVE-2025-38553, illustrating how Base, Impact, and Exploitability factors combine to form the overall severity rating. A higher sub-score typically indicates a more severe or easier-to-exploit vulnerability.
CIA Impact Analysis
Below is the Impact Analysis for CVE-2025-38553, showing how Confidentiality, Integrity, and Availability might be affected if the vulnerability is exploited. Higher values usually signal greater potential damage.
-
Confidentiality:
None
CVE-2025-38553 does not compromise confidentiality.
-
Integrity:
None
CVE-2025-38553 does not impact data integrity.
-
Availability:
None
CVE-2025-38553 does not affect system availability.
CVE-2025-38553 References
External References
- https://git.kernel.org/stable/c/09317dfb681ac5a96fc69bea0c54441cf91b8270
- https://git.kernel.org/stable/c/103c4e27ec9f5fe53022e46e976abf52c7221baf
- https://git.kernel.org/stable/c/250f8796006c0f2bc638ce545f601d49ae8d528b
- https://git.kernel.org/stable/c/325f5ec67cc0a77f2d0d453445b9857f1cd06c76
- https://git.kernel.org/stable/c/795cb393e38977aa991e70a9363da0ee734b2114
- https://git.kernel.org/stable/c/ec8e0e3d7adef940cdf9475e2352c0680189d14e
CWE Common Weakness Enumeration
Unknown
Protect Your Infrastructure against CVE-2025-38553: Combat Critical CVE Threats
Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.
Other 5 Recently Published CVEs Vulnerabilities
- CVE-2025-8567 – The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5....
- CVE-2025-41689 – An unauthenticated remote attacker can grant access without password protection to the affected device. This enables the unprotected read-only acce...
- CVE-2025-41685 – A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address.
- CVE-2025-8723 – The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitizati...
- CVE-2025-8622 – The Flexible Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flexible Maps shortcode in all versions up to, ...