[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-38684":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":23,"related":24,"reserved_at":9,"published_at":25,"modified_at":26,"state":9,"summary":27,"references_raw":29,"kevs":36,"epss":9,"epss_history":37,"metrics":38,"affected":45},"DEBIAN-CVE-2025-38684","In the Linux kernel, the following vulnerability has been resolved:  net/sched: ets: use old 'nbands' while purging unused classes  Shuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify() after recent changes from Lion [2]. The problem is: in ets_qdisc_change() we purge unused DWRR queues; the value of 'q->nbands' is the new one, and the cleanup should be done with the old one. The problem is here since my first attempts to fix ets_qdisc_change(), but it surfaced again after the recent qdisc len accounting fixes. Fix it purging idle DWRR queues before assigning a new value of 'q->nbands', so that all purge operations find a consistent configuration:   - old 'q->nbands' because it's needed by ets_class_find()  - old 'q->nstrict' because it's needed by ets_class_is_strict()   BUG: kernel NULL pointer dereference, address: 0000000000000000  #PF: supervisor read access in kernel mode  #PF: error_code(0x0000) - not-present page  PGD 0 P4D 0  Oops: Oops: 0000 [#1] SMP NOPTI  CPU: 62 UID: 0 PID: 39457 Comm: tc Kdump: loaded Not tainted 6.12.0-116.el10.x86_64 #1 PREEMPT(voluntary)  Hardware name: Dell Inc. PowerEdge R640/06DKY5, BIOS 2.12.2 07/09/2021  RIP: 0010:__list_del_entry_valid_or_report+0x4/0x80  Code: ff 4c 39 c7 0f 84 39 19 8e ff b8 01 00 00 00 c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003C48> 8b 17 48 8b 4f 08 48 85 d2 0f 84 56 19 8e ff 48 85 c9 0f 84 ab  RSP: 0018:ffffba186009f400 EFLAGS: 00010202  RAX: 00000000000000d6 RBX: 0000000000000000 RCX: 0000000000000004  RDX: ffff9f0fa29b69c0 RSI: 0000000000000000 RDI: 0000000000000000  RBP: ffffffffc12c2400 R08: 0000000000000008 R09: 0000000000000004  R10: ffffffffffffffff R11: 0000000000000004 R12: 0000000000000000  R13: ffff9f0f8cfe0000 R14: 0000000000100005 R15: 0000000000000000  FS:  00007f2154f37480(0000) GS:ffff9f269c1c0000(0000) knlGS:0000000000000000  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  CR2: 0000000000000000 CR3: 00000001530be001 CR4: 00000000007726f0  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400  PKRU: 55555554  Call Trace:   \u003CTASK>   ets_class_qlen_notify+0x65/0x90 [sch_ets]   qdisc_tree_reduce_backlog+0x74/0x110   ets_qdisc_change+0x630/0xa40 [sch_ets]   __tc_modify_qdisc.constprop.0+0x216/0x7f0   tc_modify_qdisc+0x7c/0x120   rtnetlink_rcv_msg+0x145/0x3f0   netlink_rcv_skb+0x53/0x100   netlink_unicast+0x245/0x390   netlink_sendmsg+0x21b/0x470   ____sys_sendmsg+0x39d/0x3d0   ___sys_sendmsg+0x9a/0xe0   __sys_sendmsg+0x7a/0xd0   do_syscall_64+0x7d/0x160   entry_SYSCALL_64_after_hwframe+0x76/0x7e  RIP: 0033:0x7f2155114084  Code: 89 02 b8 ff ff ff ff eb bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 80 3d 25 f0 0c 00 00 74 13 b8 2e 00 00 00 0f 05 \u003C48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89  RSP: 002b:00007fff1fd7a988 EFLAGS: 00000202 ORIG_RAX: 000000000000002e  RAX: ffffffffffffffda RBX: 0000560ec063e5e0 RCX: 00007f2155114084  RDX: 0000000000000000 RSI: 00007fff1fd7a9f0 RDI: 0000000000000003  RBP: 00007fff1fd7aa60 R08: 0000000000000010 R09: 000000000000003f  R10: 0000560ee9b3a010 R11: 0000000000000202 R12: 00007fff1fd7aae0  R13: 000000006891ccde R14: 0000560ec063e5e0 R15: 00007fff1fd7aad0   \u003C/TASK>   [1] https://lore.kernel.org/netdev/e08c7f4a6882f260011909a868311c6e9b54f3e4.1639153474.git.dcaratti@redhat.com/  [2] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",null,[],[],[],[14],{"_key":15},"CVE-2025-38684",[17,19,21],{"_key":18},"DLA-4327-1",{"_key":20},"DLA-4328-1",{"_key":22},"DSA-6009-1",[],[],"2025-09-04T16:15:36.210Z","2026-04-28T20:30:02.545585Z",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[30],{"url":31,"sources":32,"tags":34},"https://security-tracker.debian.org/tracker/CVE-2025-38684",[33],"osv_debian",[35],"Advisory",[],[],[39],{"source":33,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":40,"cvss_v4_0":9},{"baseScore":41,"baseSeverity":9,"vectorString":42,"impactScore":43,"exploitabilityScore":44},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,4.6,[46,67],{"ecosystem":47,"name":48,"vendor":49,"product":48,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":48,"source":9,"versions":51},"Debian","linux","debian","deb",[52,58,61,64],{"version":53,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":56,"version_end_type":57,"fixed_in":9},"lt5_10_244_1",true,"ecosystem","5.10.244-1","excluding",{"version":59,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":60,"version_end_type":57,"fixed_in":9},"lt6_1_153_1","6.1.153-1",{"version":62,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":57,"fixed_in":9},"lt6_12_43_1","6.12.43-1",{"version":65,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":66,"version_end_type":57,"fixed_in":9},"lt6_16_3_1","6.16.3-1",{"ecosystem":47,"name":68,"vendor":49,"product":68,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":68,"source":9,"versions":69},"linux-6.1",[70],{"version":71,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":72,"version_end_type":57,"fixed_in":9},"lt6_1_153_1~deb11u1","6.1.153-1~deb11u1"]