Wiz
Vulnerability DatabaseCVE-2025-38568

CVE-2025-38568
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2025-38568 is a vulnerability discovered in the Linux kernel affecting the net/sched subsystem, specifically in the mqprio (Multiple Priority Queue) traffic control component. The vulnerability was disclosed on August 19, 2025, and involves a stack out-of-bounds write issue in the tc entry parsing functionality (NVD).

Technical details

The vulnerability stems from improper validation of TCAMQPRIOTCENTRYINDEX using NLAPOLICYMAX(NLAU32, TCQOPTMAXQUEUE), which allows the value TCQOPTMAXQUEUE (16). This validation issue results in a 4-byte out-of-bounds stack write in the fp[] array, which only has capacity for 16 elements (0-15). The fix involves modifying the policy to allow only up to TCQOPTMAXQUEUE - 1 (NVD).

Impact

The vulnerability could potentially lead to memory corruption through a stack buffer overflow, which might result in system crashes or potential privilege escalation. However, specific impact details have not been fully assessed as the vulnerability is still under analysis (NVD).

Mitigation and workarounds

The vulnerability has been resolved in the Linux kernel through a patch that modifies the validation policy for TCAMQPRIOTCENTRYINDEX. The fix ensures that the index value cannot exceed the actual array size by limiting it to TCQOPTMAX_QUEUE - 1 (NVD).

Additional resources

SourceThis report was generated using AI

Related Linux Kernel vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-40205HIGH7.8
  • Linux KernelLinux Kernel
  • linux-gcp-5.4
NoYesNov 12, 2025
CVE-2025-40211HIGH7.1
  • Linux KernelLinux Kernel
  • linux-gcp-6.8
NoYesNov 21, 2025
CVE-2025-40206MEDIUM5.5
  • Linux KernelLinux Kernel
  • kernel-zfcpdump-modules-extra
NoYesNov 12, 2025
CVE-2025-40210MEDIUM5.1
  • Linux KernelLinux Kernel
  • kernel-rt-64k-modules
NoYesNov 21, 2025
CVE-2025-40212N/AN/A
  • Linux KernelLinux Kernel
  • linux-azure-6.14
NoYesNov 24, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo