
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-38001 is a vulnerability discovered in the Linux kernel affecting the net_sched HFSC (Hierarchical Fair Service Curve) scheduler component. The vulnerability was disclosed on June 6, 2025, and involves a potential Use-After-Free (UAF) condition when HFSC is utilized with NETEM (NVD CVE Details, Wiz Report).
The vulnerability stems from a bypass of a previous patch (141d34391abbb315d68556b7c67ad97885407547) that attempted to address reentrant enqueue issues. That patch checks only the cl->cl_nactive field to determine first insertion, but this field is only incremented by init_vf. When HFSC_RSC is used (which uses init_ed), the check can be bypassed and the class inserted twice in the eltree. Under normal conditions this leads to an infinite loop in hfsc_dequeue. When combined with TBF as the root qdisc configured with a very low rate, however, packets can be prevented from being dequeued, which enables subsequent insertions in the HFSC eltree and causes a UAF condition (NVD CVE Details).
The vulnerability can result in a Use-After-Free condition in the Linux kernel's network scheduling component, potentially leading to system instability or crashes. Additionally, under specific configurations involving TBF as root qdisc, the vulnerability can cause packet processing disruptions (Wiz Report).
The fix involves explicitly checking in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set, particularly when netem is used as an hfsc child. This addresses both the UAF condition and the infinite loop issue (NVD CVE Details).
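The qdisc layout described above (netem attached under an HFSC class, optionally with TBF as root) can be looked for on a host. The following is an added example, not code from the advisory or the kernel: it assumes input in the shape of iproute2's `tc -j qdisc show` JSON, uses a constructed sample, and does not inspect class service curves (HFSC_RSC).

```python
import json

# Constructed sample shaped like `tc -j qdisc show` output (not from a real host).
SAMPLE_TC_JSON = """
[
 {"kind": "tbf",      "handle": "1:",  "dev": "eth0", "root": true},
 {"kind": "hfsc",     "handle": "2:",  "dev": "eth0", "parent": "1:1"},
 {"kind": "netem",    "handle": "3:",  "dev": "eth0", "parent": "2:1"},
 {"kind": "hfsc",     "handle": "1:",  "dev": "eth1", "root": true},
 {"kind": "fq_codel", "handle": "10:", "dev": "eth1", "parent": "1:1"},
 {"kind": "netem",    "handle": "1:",  "dev": "eth2", "root": true}
]
"""

def major(handle):
    """Return the major part of a tc handle or classid ('2:1' -> '2')."""
    return handle.split(":", 1)[0]

def find_hfsc_netem(qdiscs):
    """Return one finding per netem qdisc attached directly under an HFSC class."""
    # A child qdisc's parent classid shares its major number with the parent qdisc's handle.
    hfsc = {(q["dev"], major(q["handle"])) for q in qdiscs if q.get("kind") == "hfsc"}
    tbf_root = {q["dev"] for q in qdiscs if q.get("kind") == "tbf" and q.get("root")}
    findings = []
    for q in qdiscs:
        parent = q.get("parent")
        if q.get("kind") != "netem" or not parent:
            continue  # not netem, or netem installed as the root qdisc
        if (q["dev"], major(parent)) in hfsc:
            findings.append({
                "dev": q["dev"],
                "hfsc_class": parent,
                "netem_handle": q["handle"],
                "tbf_root": q["dev"] in tbf_root,
            })
    return findings

def audit(tc_json_text):
    """Parse tc JSON text and return the HFSC/netem findings."""
    return find_hfsc_netem(json.loads(tc_json_text))

if __name__ == "__main__":
    for f in audit(SAMPLE_TC_JSON):
        note = " (TBF root also present)" if f["tbf_root"] else ""
        print(f"{f['dev']}: netem {f['netem_handle']} under HFSC class {f['hfsc_class']}{note}")
```

A finding only shows that the qdisc combination is configured; whether the running kernel contains the fix has to be checked separately.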
Source: This report was generated using AI