CVE-2025-37752: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37752 is a vulnerability discovered in the Linux kernel's network scheduler component (net_sched), specifically affecting the SFQ (Stochastic Fairness Queueing) scheduler implementation. The vulnerability was disclosed on May 1, 2025, and involves insufficient validation of limit parameters (NVD CVE, Wiz Report).

The vulnerability exists in the SFQ scheduler's limit validation process where the validation is performed directly on user-provided data without considering how other parameter changes might affect the limit value. This can lead to scenarios where the limit is indirectly updated through configurations such as 'tc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1' or 'tc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1'. When triggered, this results in an array-index-out-of-bounds condition in net/sched/schsfq.c, where an index of 65535 exceeds the bounds of struct sfqhead[128]. The vulnerability has been assigned a CVSS v3.1 score of 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (Red Hat).

The vulnerability can result in an array-index-out-of-bounds condition, which may lead to kernel crashes or memory corruption. This was confirmed through a syzkaller-reported crash where UBSAN (Undefined Behavior Sanitizer) detected the out-of-bounds access (Wiz Report).

The vulnerability has been addressed in various Linux kernel versions. Debian has implemented fixes in multiple releases including bullseye (5.10.234-1), bookworm (6.1.135-1), and sid (6.12.25-1). The fix involves moving the limit validation check to the end of the configuration update process to properly catch scenarios where the limit is indirectly updated (Debian Tracker).