Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2025-37992
CVE-2025-37992:
Linux Kernel vulnerability analysis and mitigation
Overview
CVE-2025-37992 is a vulnerability discovered in the Linux kernel's network scheduling (netsched) component. The vulnerability was published on May 26, 2025, and relates to improper handling of the gsoskb list during qdisc limit changes (NVD).
Technical details
The vulnerability occurs when reducing a qdisc's limit via the ->change() operation, where only the main skb queue was being trimmed, potentially leaving packets in the gsoskb list. This could result in a NULL pointer dereference when checking sch->limit against sch->q.qlen. The issue affects multiple qdiscs including codel, fq, fqcodel, fq_pie, hhf, and pie (NVD).
Impact
The vulnerability could lead to NULL pointer dereferences in the Linux kernel's network scheduling component, potentially causing system instability or crashes (NVD).
Mitigation and workarounds
A patch has been implemented that introduces a new helper function called qdiscdequeueinternal(), which ensures both the gso_skb list and the main queue are properly flushed when trimming excess packets. All affected qdiscs have been updated to use this new helper in their ->change() routines (NVD).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management