From this webpage screenshot, the following key information about the vulnerability can be obtained: Vulnerability Type: This is a queue length (qlen) accounting error vulnerability that occurs during operations. Affected Code: The vulnerability exists in the function, which calls the child qdisc’s operation when enqueuing the first packet into an HFSC class. Issue Description: - Before calling the child qdisc’s operation, increments and . - If the child qdisc uses , this may trigger immediate dequeue and potential packet drop. - In such cases, is called, but the HFSC qdisc’s qlen and backlog have not yet been updated, leading to inconsistent queue accounting. - This may result in an empty HFSC class remaining in the active list, potentially causing further consequences such as use-after-free. Fix: - The issue is fixed by incrementing and before calling the child qdisc’s operation. - This ensures that queue length and backlog are always accurate when a packet drop or dequeue is triggered during . Related Commits: - Upstream commit: - Fix commit: Reporters and Reviewers: - Reporter: Mingi Cho - Reviewers: Cong Wang, Simon Horman, Jamal Hadi Salim, Paolo Abeni, Sasha Levin File Changes: - Modified file: - 1 file changed, 3 insertions, 3 deletions.