CVE-2025-38568: 
Linux Kernel vulnerability analysis and mitigation

A stack out-of-bounds write vulnerability was discovered in the Linux kernel's network scheduler (net/sched) component, specifically in the mqprio tc entry parsing functionality. The vulnerability was assigned CVE-2025-38568 and was publicly disclosed on August 19, 2025. The issue affects the Linux kernel's traffic control (tc) subsystem (NVD, Debian Tracker).

The vulnerability occurs when TCAMQPRIOTCENTRYINDEX is validated using NLAPOLICYMAX(NLAU32, TCQOPTMAXQUEUE), which allows the value TCQOPTMAX_QUEUE (16). This validation leads to a 4-byte out-of-bounds stack write in the fp[] array, which only has room for 16 elements (0-15). The issue stems from improper bounds checking in the array indexing (NVD).

The vulnerability could allow an attacker to write beyond the bounds of the allocated stack memory, potentially leading to memory corruption and system instability. This type of vulnerability could potentially be exploited to cause denial of service or possibly achieve arbitrary code execution (Debian Tracker).

The vulnerability has been fixed by changing the policy to allow only up to TCQOPTMAX_QUEUE - 1. Various Linux distributions have released patches to address this issue. Debian has marked this as fixed in versions bullseye 5.10.237-1 and bookworm 6.1.147-1, while it remains vulnerable in trixie and sid versions 6.12.38-1 (Debian Tracker).