In the Linux kernel, a vulnerability has been discovered and resolved. This vulnerability is related to an out-of-bound indexing in the Earliest Scheduler (ETS) Qdisc class, which can result in a potential local privilege escalation. This vulnerability is now assigned CVE-2025-21692.

The vulnerability was discovered by Haowei Yan. The issue occurs when ets_class_from_arg(), a kernel function that gets classes from arguments, passes clid of , which can cause an out-of-bound indexing into the ets_class. The overflow may lead to local privilege escalation.

Here's a snippet of the kernel bug report from the debug log

[   18.852298] ------------[ cut here ]------------
[   18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20
[   18.853743] index 18446744073709551615 is out of range for type 'ets_class [16]'

The overflow was caused by an unchecked index value of 18446744073709551615, which is out of range for the ets_class array with a maximum index of 15. The above error log can be found at the following link to the original reference:

Link to reference

To fix this issue, proper bounds checking should be added before creating or updating an ETS class. The Linux kernel developers have now addressed this vulnerability and an updated version of the Linux kernel should be used to fix the issue.

The exploit details for this vulnerability are not publicly available yet. However, given the nature of the vulnerability, an attacker who can successfully exploit it might be able to gain local privilege escalation on affected systems. This could allow attackers to run arbitrary code at higher privilege levels, gaining unauthorized access to sensitive information or compromising the security of affected systems.

It is highly recommended that users update their Linux kernel to the latest version or apply a patch if available to protect their systems against potential exploitation of this vulnerability.

For more information on this vulnerability and its fixed version, refer to

- Original Reference
- Linux Kernel Source Code

Timeline

Published on: 02/10/2025 16:15:38 UTC
Last modified on: 03/24/2025 15:38:58 UTC