CVE-2025-71066 (GCVE-0-2025-71066)

Vulnerability from cvelistv5 – Published: 2026-01-13 15:31 – Updated: 2026-01-13 15:31
VLAI?
Title
net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
Summary
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_change`. It leads to UAF on `struct Qdisc` object. Attacker requires the capability to create new user and network namespace in order to trigger the bug. See my additional commentary at the end of the analysis. Analysis: static int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt, struct netlink_ext_ack *extack) { ... // (1) this lock is preventing .change handler (`ets_qdisc_change`) //to race with .dequeue handler (`ets_qdisc_dequeue`) sch_tree_lock(sch); for (i = nbands; i < oldbands; i++) { if (i >= q->nstrict && q->classes[i].qdisc->q.qlen) list_del_init(&q->classes[i].alist); qdisc_purge_queue(q->classes[i].qdisc); } WRITE_ONCE(q->nbands, nbands); for (i = nstrict; i < q->nstrict; i++) { if (q->classes[i].qdisc->q.qlen) { // (2) the class is added to the q->active list_add_tail(&q->classes[i].alist, &q->active); q->classes[i].deficit = quanta[i]; } } WRITE_ONCE(q->nstrict, nstrict); memcpy(q->prio2band, priomap, sizeof(priomap)); for (i = 0; i < q->nbands; i++) WRITE_ONCE(q->classes[i].quantum, quanta[i]); for (i = oldbands; i < q->nbands; i++) { q->classes[i].qdisc = queues[i]; if (q->classes[i].qdisc != &noop_qdisc) qdisc_hash_add(q->classes[i].qdisc, true); } // (3) the qdisc is unlocked, now dequeue can be called in parallel // to the rest of .change handler sch_tree_unlock(sch); ets_offload_change(sch); for (i = q->nbands; i < oldbands; i++) { // (4) we're reducing the refcount for our class's qdisc and // freeing it qdisc_put(q->classes[i].qdisc); // (5) If we call .dequeue between (4) and (5), we will have // a strong UAF and we can control RIP q->classes[i].qdisc = NULL; WRITE_ONCE(q->classes[i].quantum, 0); q->classes[i].deficit = 0; gnet_stats_basic_sync_init(&q->classes[i].bstats); memset(&q->classes[i].qstats, 0, sizeof(q->classes[i].qstats)); } return 0; } Comment: This happens because some of the classes have their qdiscs assigned to NULL, but remain in the active list. This commit fixes this issue by always removing the class from the active list before deleting and freeing its associated qdisc Reproducer Steps (trimmed version of what was sent by zdi-disclosures@trendmicro.com) ``` DEV="${DEV:-lo}" ROOT_HANDLE="${ROOT_HANDLE:-1:}" BAND2_HANDLE="${BAND2_HANDLE:-20:}" # child under 1:2 PING_BYTES="${PING_BYTES:-48}" PING_COUNT="${PING_COUNT:-200000}" PING_DST="${PING_DST:-127.0.0.1}" SLOW_TBF_RATE="${SLOW_TBF_RATE:-8bit}" SLOW_TBF_BURST="${SLOW_TBF_BURST:-100b}" SLOW_TBF_LAT="${SLOW_TBF_LAT:-1s}" cleanup() { tc qdisc del dev "$DEV" root 2>/dev/null } trap cleanup EXIT ip link set "$DEV" up tc qdisc del dev "$DEV" root 2>/dev/null || true tc qdisc add dev "$DEV" root handle "$ROOT_HANDLE" ets bands 2 strict 2 tc qdisc add dev "$DEV" parent 1:2 handle "$BAND2_HANDLE" \ tbf rate "$SLOW_TBF_RATE" burst "$SLOW_TBF_BURST" latency "$SLOW_TBF_LAT" tc filter add dev "$DEV" parent 1: protocol all prio 1 u32 match u32 0 0 flowid 1:2 tc -s qdisc ls dev $DEV ping -I "$DEV" -f -c "$PING_COUNT" -s "$PING_BYTES" -W 0.001 "$PING_DST" \ >/dev/null 2>&1 & tc qdisc change dev "$DEV" root handle "$ROOT_HANDLE" ets bands 2 strict 0 tc qdisc change dev "$DEV" root handle "$ROOT_HANDLE" ets bands 2 strict 2 tc -s qdisc ls dev $DEV tc qdisc del dev "$DEV" parent ---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: de6d25924c2a8c2988c6a385990cafbe742061bf , < a75d617a4ef08682f5cfaadc01d5141c87e019c9 (git)
Affected: de6d25924c2a8c2988c6a385990cafbe742061bf , < 9987cda315c08f63a02423fa2f9a1f6602c861a0 (git)
Affected: de6d25924c2a8c2988c6a385990cafbe742061bf , < 06bfb66a7c8b45e3fed01351a4b087410ae5ef39 (git)
Affected: de6d25924c2a8c2988c6a385990cafbe742061bf , < 45466141da3c98a0c5fa88be0bc14b4b6a4bd75c (git)
Affected: de6d25924c2a8c2988c6a385990cafbe742061bf , < ce052b9402e461a9aded599f5b47e76bc727f7de (git)
Affected: ae2659d2c670252759ee9c823c4e039c0e05a6f2 (git)
Affected: e25bdbc7e951ae5728fee1f4c09485df113d013c (git)
Create a notification for this product.
    Linux Linux Affected: 5.16
Unaffected: 0 , < 5.16 (semver)
Unaffected: 6.1.160 , ≤ 6.1.* (semver)
Unaffected: 6.6.120 , ≤ 6.6.* (semver)
Unaffected: 6.12.64 , ≤ 6.12.* (semver)
Unaffected: 6.18.3 , ≤ 6.18.* (semver)
Unaffected: 6.19-rc2 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_ets.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a75d617a4ef08682f5cfaadc01d5141c87e019c9",
              "status": "affected",
              "version": "de6d25924c2a8c2988c6a385990cafbe742061bf",
              "versionType": "git"
            },
            {
              "lessThan": "9987cda315c08f63a02423fa2f9a1f6602c861a0",
              "status": "affected",
              "version": "de6d25924c2a8c2988c6a385990cafbe742061bf",
              "versionType": "git"
            },
            {
              "lessThan": "06bfb66a7c8b45e3fed01351a4b087410ae5ef39",
              "status": "affected",
              "version": "de6d25924c2a8c2988c6a385990cafbe742061bf",
              "versionType": "git"
            },
            {
              "lessThan": "45466141da3c98a0c5fa88be0bc14b4b6a4bd75c",
              "status": "affected",
              "version": "de6d25924c2a8c2988c6a385990cafbe742061bf",
              "versionType": "git"
            },
            {
              "lessThan": "ce052b9402e461a9aded599f5b47e76bc727f7de",
              "status": "affected",
              "version": "de6d25924c2a8c2988c6a385990cafbe742061bf",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ae2659d2c670252759ee9c823c4e039c0e05a6f2",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e25bdbc7e951ae5728fee1f4c09485df113d013c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_ets.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19-rc2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.160",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.120",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.64",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.3",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19-rc2",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.10.83",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.15.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: Always remove class from active list before deleting in ets_qdisc_change\n\nzdi-disclosures@trendmicro.com says:\n\nThe vulnerability is a race condition between `ets_qdisc_dequeue` and\n`ets_qdisc_change`.  It leads to UAF on `struct Qdisc` object.\nAttacker requires the capability to create new user and network namespace\nin order to trigger the bug.\nSee my additional commentary at the end of the analysis.\n\nAnalysis:\n\nstatic int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt,\n                          struct netlink_ext_ack *extack)\n{\n...\n\n      // (1) this lock is preventing .change handler (`ets_qdisc_change`)\n      //to race with .dequeue handler (`ets_qdisc_dequeue`)\n      sch_tree_lock(sch);\n\n      for (i = nbands; i \u003c oldbands; i++) {\n              if (i \u003e= q-\u003enstrict \u0026\u0026 q-\u003eclasses[i].qdisc-\u003eq.qlen)\n                      list_del_init(\u0026q-\u003eclasses[i].alist);\n              qdisc_purge_queue(q-\u003eclasses[i].qdisc);\n      }\n\n      WRITE_ONCE(q-\u003enbands, nbands);\n      for (i = nstrict; i \u003c q-\u003enstrict; i++) {\n              if (q-\u003eclasses[i].qdisc-\u003eq.qlen) {\n\t\t      // (2) the class is added to the q-\u003eactive\n                      list_add_tail(\u0026q-\u003eclasses[i].alist, \u0026q-\u003eactive);\n                      q-\u003eclasses[i].deficit = quanta[i];\n              }\n      }\n      WRITE_ONCE(q-\u003enstrict, nstrict);\n      memcpy(q-\u003eprio2band, priomap, sizeof(priomap));\n\n      for (i = 0; i \u003c q-\u003enbands; i++)\n              WRITE_ONCE(q-\u003eclasses[i].quantum, quanta[i]);\n\n      for (i = oldbands; i \u003c q-\u003enbands; i++) {\n              q-\u003eclasses[i].qdisc = queues[i];\n              if (q-\u003eclasses[i].qdisc != \u0026noop_qdisc)\n                      qdisc_hash_add(q-\u003eclasses[i].qdisc, true);\n      }\n\n      // (3) the qdisc is unlocked, now dequeue can be called in parallel\n      // to the rest of .change handler\n      sch_tree_unlock(sch);\n\n      ets_offload_change(sch);\n      for (i = q-\u003enbands; i \u003c oldbands; i++) {\n\t      // (4) we\u0027re reducing the refcount for our class\u0027s qdisc and\n\t      //  freeing it\n              qdisc_put(q-\u003eclasses[i].qdisc);\n\t      // (5) If we call .dequeue between (4) and (5), we will have\n\t      // a strong UAF and we can control RIP\n              q-\u003eclasses[i].qdisc = NULL;\n              WRITE_ONCE(q-\u003eclasses[i].quantum, 0);\n              q-\u003eclasses[i].deficit = 0;\n              gnet_stats_basic_sync_init(\u0026q-\u003eclasses[i].bstats);\n              memset(\u0026q-\u003eclasses[i].qstats, 0, sizeof(q-\u003eclasses[i].qstats));\n      }\n      return 0;\n}\n\nComment:\nThis happens because some of the classes have their qdiscs assigned to\nNULL, but remain in the active list. This commit fixes this issue by always\nremoving the class from the active list before deleting and freeing its\nassociated qdisc\n\nReproducer Steps\n(trimmed version of what was sent by zdi-disclosures@trendmicro.com)\n\n```\nDEV=\"${DEV:-lo}\"\nROOT_HANDLE=\"${ROOT_HANDLE:-1:}\"\nBAND2_HANDLE=\"${BAND2_HANDLE:-20:}\"   # child under 1:2\nPING_BYTES=\"${PING_BYTES:-48}\"\nPING_COUNT=\"${PING_COUNT:-200000}\"\nPING_DST=\"${PING_DST:-127.0.0.1}\"\n\nSLOW_TBF_RATE=\"${SLOW_TBF_RATE:-8bit}\"\nSLOW_TBF_BURST=\"${SLOW_TBF_BURST:-100b}\"\nSLOW_TBF_LAT=\"${SLOW_TBF_LAT:-1s}\"\n\ncleanup() {\n  tc qdisc del dev \"$DEV\" root 2\u003e/dev/null\n}\ntrap cleanup EXIT\n\nip link set \"$DEV\" up\n\ntc qdisc del dev \"$DEV\" root 2\u003e/dev/null || true\n\ntc qdisc add dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 2\n\ntc qdisc add dev \"$DEV\" parent 1:2 handle \"$BAND2_HANDLE\" \\\n  tbf rate \"$SLOW_TBF_RATE\" burst \"$SLOW_TBF_BURST\" latency \"$SLOW_TBF_LAT\"\n\ntc filter add dev \"$DEV\" parent 1: protocol all prio 1 u32 match u32 0 0 flowid 1:2\ntc -s qdisc ls dev $DEV\n\nping -I \"$DEV\" -f -c \"$PING_COUNT\" -s \"$PING_BYTES\" -W 0.001 \"$PING_DST\" \\\n  \u003e/dev/null 2\u003e\u00261 \u0026\ntc qdisc change dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 0\ntc qdisc change dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 2\ntc -s qdisc ls dev $DEV\ntc qdisc del dev \"$DEV\" parent \n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T15:31:21.931Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a75d617a4ef08682f5cfaadc01d5141c87e019c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/9987cda315c08f63a02423fa2f9a1f6602c861a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/06bfb66a7c8b45e3fed01351a4b087410ae5ef39"
        },
        {
          "url": "https://git.kernel.org/stable/c/45466141da3c98a0c5fa88be0bc14b4b6a4bd75c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce052b9402e461a9aded599f5b47e76bc727f7de"
        }
      ],
      "title": "net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-71066",
    "datePublished": "2026-01-13T15:31:21.931Z",
    "dateReserved": "2026-01-13T15:30:19.646Z",
    "dateUpdated": "2026-01-13T15:31:21.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-71066\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-01-13T16:16:05.960\",\"lastModified\":\"2026-01-13T16:16:05.960\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/sched: ets: Always remove class from active list before deleting in ets_qdisc_change\\n\\nzdi-disclosures@trendmicro.com says:\\n\\nThe vulnerability is a race condition between `ets_qdisc_dequeue` and\\n`ets_qdisc_change`.  It leads to UAF on `struct Qdisc` object.\\nAttacker requires the capability to create new user and network namespace\\nin order to trigger the bug.\\nSee my additional commentary at the end of the analysis.\\n\\nAnalysis:\\n\\nstatic int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt,\\n                          struct netlink_ext_ack *extack)\\n{\\n...\\n\\n      // (1) this lock is preventing .change handler (`ets_qdisc_change`)\\n      //to race with .dequeue handler (`ets_qdisc_dequeue`)\\n      sch_tree_lock(sch);\\n\\n      for (i = nbands; i \u003c oldbands; i++) {\\n              if (i \u003e= q-\u003enstrict \u0026\u0026 q-\u003eclasses[i].qdisc-\u003eq.qlen)\\n                      list_del_init(\u0026q-\u003eclasses[i].alist);\\n              qdisc_purge_queue(q-\u003eclasses[i].qdisc);\\n      }\\n\\n      WRITE_ONCE(q-\u003enbands, nbands);\\n      for (i = nstrict; i \u003c q-\u003enstrict; i++) {\\n              if (q-\u003eclasses[i].qdisc-\u003eq.qlen) {\\n\\t\\t      // (2) the class is added to the q-\u003eactive\\n                      list_add_tail(\u0026q-\u003eclasses[i].alist, \u0026q-\u003eactive);\\n                      q-\u003eclasses[i].deficit = quanta[i];\\n              }\\n      }\\n      WRITE_ONCE(q-\u003enstrict, nstrict);\\n      memcpy(q-\u003eprio2band, priomap, sizeof(priomap));\\n\\n      for (i = 0; i \u003c q-\u003enbands; i++)\\n              WRITE_ONCE(q-\u003eclasses[i].quantum, quanta[i]);\\n\\n      for (i = oldbands; i \u003c q-\u003enbands; i++) {\\n              q-\u003eclasses[i].qdisc = queues[i];\\n              if (q-\u003eclasses[i].qdisc != \u0026noop_qdisc)\\n                      qdisc_hash_add(q-\u003eclasses[i].qdisc, true);\\n      }\\n\\n      // (3) the qdisc is unlocked, now dequeue can be called in parallel\\n      // to the rest of .change handler\\n      sch_tree_unlock(sch);\\n\\n      ets_offload_change(sch);\\n      for (i = q-\u003enbands; i \u003c oldbands; i++) {\\n\\t      // (4) we\u0027re reducing the refcount for our class\u0027s qdisc and\\n\\t      //  freeing it\\n              qdisc_put(q-\u003eclasses[i].qdisc);\\n\\t      // (5) If we call .dequeue between (4) and (5), we will have\\n\\t      // a strong UAF and we can control RIP\\n              q-\u003eclasses[i].qdisc = NULL;\\n              WRITE_ONCE(q-\u003eclasses[i].quantum, 0);\\n              q-\u003eclasses[i].deficit = 0;\\n              gnet_stats_basic_sync_init(\u0026q-\u003eclasses[i].bstats);\\n              memset(\u0026q-\u003eclasses[i].qstats, 0, sizeof(q-\u003eclasses[i].qstats));\\n      }\\n      return 0;\\n}\\n\\nComment:\\nThis happens because some of the classes have their qdiscs assigned to\\nNULL, but remain in the active list. This commit fixes this issue by always\\nremoving the class from the active list before deleting and freeing its\\nassociated qdisc\\n\\nReproducer Steps\\n(trimmed version of what was sent by zdi-disclosures@trendmicro.com)\\n\\n```\\nDEV=\\\"${DEV:-lo}\\\"\\nROOT_HANDLE=\\\"${ROOT_HANDLE:-1:}\\\"\\nBAND2_HANDLE=\\\"${BAND2_HANDLE:-20:}\\\"   # child under 1:2\\nPING_BYTES=\\\"${PING_BYTES:-48}\\\"\\nPING_COUNT=\\\"${PING_COUNT:-200000}\\\"\\nPING_DST=\\\"${PING_DST:-127.0.0.1}\\\"\\n\\nSLOW_TBF_RATE=\\\"${SLOW_TBF_RATE:-8bit}\\\"\\nSLOW_TBF_BURST=\\\"${SLOW_TBF_BURST:-100b}\\\"\\nSLOW_TBF_LAT=\\\"${SLOW_TBF_LAT:-1s}\\\"\\n\\ncleanup() {\\n  tc qdisc del dev \\\"$DEV\\\" root 2\u003e/dev/null\\n}\\ntrap cleanup EXIT\\n\\nip link set \\\"$DEV\\\" up\\n\\ntc qdisc del dev \\\"$DEV\\\" root 2\u003e/dev/null || true\\n\\ntc qdisc add dev \\\"$DEV\\\" root handle \\\"$ROOT_HANDLE\\\" ets bands 2 strict 2\\n\\ntc qdisc add dev \\\"$DEV\\\" parent 1:2 handle \\\"$BAND2_HANDLE\\\" \\\\\\n  tbf rate \\\"$SLOW_TBF_RATE\\\" burst \\\"$SLOW_TBF_BURST\\\" latency \\\"$SLOW_TBF_LAT\\\"\\n\\ntc filter add dev \\\"$DEV\\\" parent 1: protocol all prio 1 u32 match u32 0 0 flowid 1:2\\ntc -s qdisc ls dev $DEV\\n\\nping -I \\\"$DEV\\\" -f -c \\\"$PING_COUNT\\\" -s \\\"$PING_BYTES\\\" -W 0.001 \\\"$PING_DST\\\" \\\\\\n  \u003e/dev/null 2\u003e\u00261 \u0026\\ntc qdisc change dev \\\"$DEV\\\" root handle \\\"$ROOT_HANDLE\\\" ets bands 2 strict 0\\ntc qdisc change dev \\\"$DEV\\\" root handle \\\"$ROOT_HANDLE\\\" ets bands 2 strict 2\\ntc -s qdisc ls dev $DEV\\ntc qdisc del dev \\\"$DEV\\\" parent \\n---truncated---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/06bfb66a7c8b45e3fed01351a4b087410ae5ef39\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/45466141da3c98a0c5fa88be0bc14b4b6a4bd75c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9987cda315c08f63a02423fa2f9a1f6602c861a0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a75d617a4ef08682f5cfaadc01d5141c87e019c9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ce052b9402e461a9aded599f5b47e76bc727f7de\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.