CVE-2025-21647 - sched: sch_cake: add bounds checks to host bulk flow fairness counts

EPSS 0.02% · P6

Affected Version Matrix 17


I. Basic Information for CVE-2025-21647

Vulnerability Information

Vulnerability Title
sched: sch_cake: add bounds checks to host bulk flow fairness counts
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

sched: sch_cake: add bounds checks to host bulk flow fairness counts

Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters, leading to an out of bounds memory access.

To avoid any such logic errors causing out of bounds memory accesses, this commit factors out all accesses to the per-host bulk flow counters to a series of helpers that perform bounds-checking before any increments and decrements. This also has the benefit of improving readability by moving the conditional checks for the flow mode into these helpers, instead of having them spread out throughout the code (which was the cause of the original logic error).

As part of this change, the flow quantum calculation is consolidated into a helper function, which means that the dithering applied to the host load scaling is now applied both in the DRR rotation and when a sparse flow's quantum is first initiated. The only user-visible effect of this is that the maximum packet size that can be sent while a flow stays sparse will now vary with +/- one byte in some cases. This should not make a noticeable difference in practice, and thus it's not worth complicating the code to preserve the old behaviour.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
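The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel contains a security vulnerability that stems from improper bounds checking, which may lead to out-of-bounds memory access.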
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
| --- | --- | --- | --- |
| Linux | Linux | 4a4eeefa514db570be025ab46d779af180e2c9bb ~ 44fe1efb4961c1a5ccab16bb579dfc6b308ad58b | - |
| Linux | Linux | 6.11 | - |

II. Public POCs for CVE-2025-21647


No public POC found.


Same Patch Batch · Linux · 2025-01-19 · 47 CVEs total

CVE-2024-57916 - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling
CVE-2024-57918 - drm/amd/display: fix page fault due to max surface definition mismatch
CVE-2024-57921 - drm/amdgpu: Add a lock when accessing the buddy trim function
CVE-2024-57925 - ksmbd: fix a missing return value check bug
CVE-2024-57926 - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err
CVE-2024-57928 - netfs: Fix enomem handling in buffered reads
CVE-2024-57927 - nfs: Fix oops in nfs_netfs_init_request() when copying to cache
CVE-2024-57929 - dm array: fix releasing a faulty array block twice in dm_array_cursor_end
CVE-2024-57923 - btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path
CVE-2024-57917 - topology: Keep the cpumask unchanged when printing cpumap
CVE-2024-57919 - drm/amd/display: fix divide error in DM plane scale calcs
CVE-2024-57914 - usb: typec: tcpci: fix NULL pointer issue on shared irq case
CVE-2024-57913 - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
CVE-2024-57912 - iio: pressure: zpa2326: fix information leak in triggered buffer
CVE-2024-57911 - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
CVE-2024-57910 - iio: light: vcnl4035: fix information leak in triggered buffer
CVE-2024-57908 - iio: imu: kmx61: fix information leak in triggered buffer
CVE-2024-57909 - iio: light: bh1745: fix information leak in triggered buffer
CVE-2024-57907 - iio: adc: rockchip_saradc: fix information leak in triggered buffer
CVE-2024-57905 - iio: adc: ti-ads1119: fix information leak in triggered buffer

Showing top 20 of 47 CVEs.
