{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-21971","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.797Z","datePublished":"2025-04-01T15:47:04.448Z","dateUpdated":"2026-05-11T21:10:08.235Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:10:08.235Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/sched/sch_api.c"],"versions":[{"version":"066a3b5b2346febf9a655b444567b7138e3bb939","lessThan":"e05d9938b1b0ac40b6054cc5fa0ccbd9afd5ed4c","status":"affected","versionType":"git"},{"version":"066a3b5b2346febf9a655b444567b7138e3bb939","lessThan":"7a82fe67a9f4d7123d8e5ba8f0f0806c28695006","status":"affected","versionType":"git"},{"version":"066a3b5b2346febf9a655b444567b7138e3bb939","lessThan":"003d92c91cdb5a64b25a9a74cb8543aac9a8bb48","status":"affected","versionType":"git"},{"version":"066a3b5b2346febf9a655b444567b7138e3bb939","lessThan":"e5ee00607bbfc97ef1526ea95b6b2458ac9e7cb7","status":"affected","versionType":"git"},{"version":"066a3b5b2346febf9a655b444567b7138e3bb939","lessThan":"78533c4a29ac3aeddce4b481770beaaa4f3bfb67","status":"affected","versionType":"git"},{"version":"066a3b5b2346febf9a655b444567b7138e3bb939","lessThan":"5c3ca9cb48b51bd72bf76b8b05e24f3cd53db5e7","status":"affected","versionType":"git"},{"version":"066a3b5b2346febf9a655b444567b7138e3bb939","lessThan":"94edfdfb9505ab608e86599d1d1e38c83816fc1c","status":"affected","versionType":"git"},{"version":"066a3b5b2346febf9a655b444567b7138e3bb939","lessThan":"0c3057a5a04d07120b3d0ec9c79568fceb9c921e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/sched/sch_api.c"],"versions":[{"version":"2.6.25","status":"affected"},{"version":"0","lessThan":"2.6.25","status":"unaffected","versionType":"semver"},{"version":"5.4.292","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.236","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.180","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.132","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.84","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.20","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13.8","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"5.4.292"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"5.10.236"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"5.15.180"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"6.1.132"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"6.6.84"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"6.12.20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"6.13.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"6.14"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e05d9938b1b0ac40b6054cc5fa0ccbd9afd5ed4c"},{"url":"https://git.kernel.org/stable/c/7a82fe67a9f4d7123d8e5ba8f0f0806c28695006"},{"url":"https://git.kernel.org/stable/c/003d92c91cdb5a64b25a9a74cb8543aac9a8bb48"},{"url":"https://git.kernel.org/stable/c/e5ee00607bbfc97ef1526ea95b6b2458ac9e7cb7"},{"url":"https://git.kernel.org/stable/c/78533c4a29ac3aeddce4b481770beaaa4f3bfb67"},{"url":"https://git.kernel.org/stable/c/5c3ca9cb48b51bd72bf76b8b05e24f3cd53db5e7"},{"url":"https://git.kernel.org/stable/c/94edfdfb9505ab608e86599d1d1e38c83816fc1c"},{"url":"https://git.kernel.org/stable/c/0c3057a5a04d07120b3d0ec9c79568fceb9c921e"}],"title":"net_sched: Prevent creation of classes with TC_H_ROOT","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:40:14.063Z"}}]}}