Critical Vulnerability Information

Vulnerability Description:
- HFSC (Hierarchical Fair Service Curve) has a reentrancy issue when handling duplicate class additions to the eltree.
- When using NETEM and HFSC together, a specific method can bypass checks, leading to a Use-After-Free (UAF) vulnerability.

Vulnerability Details:
- The original patch (commit 141d34391abbb315d68556b7c67ad97885407547) only checks the field to determine if it's the first insertion, but this field is incremented only in .
- Using the flag (via ) can bypass the check and allow a class to be inserted into the eltree twice, resulting in an infinite loop or UAF.

Mitigation:
- Explicitly check in whether a class is already in the eltree, especially when the flag is set.

Related Links:
- Original Patch
- Code Snippet 1
- Code Snippet 2
- Code Snippet 3
- Report Details
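
A simplified user-space model of the guard and the mitigation described above, added here as an illustration; it is not kernel code and not taken from the report. Every identifier (`F_RT`, `F_LS`, `nactive`, `in_el`, `el_insert`, `enqueue`, `run`) is hypothetical, and an intrusive linked list stands in for the eltree.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model. All names are hypothetical, not kernel identifiers. */
enum { F_RT = 1, F_LS = 2 };          /* which curves the class has configured */

struct cls {
    int flags, qlen, nactive;         /* nactive: the counter the guard relies on */
    bool in_el;                       /* explicit "already in eligible set" marker */
    struct cls *next;                 /* intrusive link, stands in for the tree node */
    int links;                        /* how many times the node was linked */
};

static struct cls *el_head;           /* stands in for the eligible tree */

static void el_insert(struct cls *c, bool hardened)
{
    if (hardened && c->in_el)         /* mitigation: explicit membership check */
        return;
    c->next = el_head;                /* a second link of the head makes c->next == c */
    el_head = c;
    c->in_el = true;
    c->links++;
}

static void enqueue(struct cls *c, bool duplicate, bool hardened)
{
    bool first = (c->qlen == 0);      /* sampled before the child qdisc runs */

    if (duplicate)                    /* child duplicates the packet and re-enters */
        enqueue(c, false, hardened);
    c->qlen++;
    if (first && c->nactive == 0) {   /* guard that trusts the counter alone */
        if (c->flags & F_RT)
            el_insert(c, hardened);   /* this path never touches nactive */
        if (c->flags & F_LS)
            c->nactive++;             /* only this path bumps the counter */
    }
}

/* Returns how many times the class was linked; more than 1 means corruption. */
int run(int flags, bool hardened)
{
    struct cls c = { .flags = flags };
    el_head = NULL;
    enqueue(&c, true, hardened);
    return c.links;
}

int main(void)
{
    printf("counter guard: %d link(s), explicit check: %d link(s)\n",
           run(F_RT, false), run(F_RT, true));
    return 0;
}
```

In the model, a class with only the `F_RT` path is linked twice under the counter guard, leaving a self-referencing node, while the explicit membership check keeps it at one link.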