CVE-2025-53057: 
Amazon Corretto JDK vulnerability analysis and mitigation

CVE-2024-53057 is a vulnerability discovered in the Linux kernel's network scheduler API. The issue affects the qdisctreereduce_backlog functionality where Qdiscs with major handle ffff: are incorrectly assumed to be either root or ingress. This vulnerability was discovered by Budimir Markovic and affects Linux kernel versions from 2.6.25 up to versions before 4.19.323, 5.4.285, 5.10.229, 5.15.171, 6.1.116, 6.6.60, and 6.11.7 (NVD).

The vulnerability stems from an invalid assumption in qdisctreereduce_backlog where Qdiscs with major handle ffff: are assumed to be either root or ingress, despite it being valid to create egress qdiscs with major handle ffff:. For qdiscs like DRR that maintain an active class list, this can result in a Use-After-Free (UAF) condition with a dangling class pointer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can lead to a Use-After-Free condition, potentially allowing an attacker to execute arbitrary code with elevated privileges. The high CVSS score indicates that successful exploitation could result in complete compromise of confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability has been fixed in the Linux kernel by modifying the qdisctreereducebacklog functionality to stop when parent TCHROOT is reached. This is because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle calls into qdisclookup with TCHMAJ(TCHROOT). The fix involves changes to net/sched/sch_api.c with one line insertion and one deletion (NVD).