U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-40083 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix null-deref in agg_dequeue To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return value before using it, similar to the existing approach in sch_hfsc.c. To avoid code duplication, the following changes are made: 1. Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static inline function. 2. Moved qdisc_peek_len from net/sched/sch_hfsc.c to include/net/pkt_sched.h so that sch_qfq can reuse it. 3. Applied qdisc_peek_len in agg_dequeue to avoid crashing.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/1bed56f089f09b465420bf23bb32985c305cfc28 kernel.org
https://git.kernel.org/stable/c/3c2a8994807623c7655ece205667ae2cf74940aa kernel.org
https://git.kernel.org/stable/c/6ff8e74c8f8a68ec07ef837b95425dfe900d060f kernel.org
https://git.kernel.org/stable/c/6ffa9d66187188e3068b5a3895e6ae1ee34f9199 kernel.org
https://git.kernel.org/stable/c/71d84658a61322e5630c85c5388fc25e4a2d08b2 kernel.org
https://git.kernel.org/stable/c/99fc137f178797204d36ac860dd8b31e35baa2df kernel.org
https://git.kernel.org/stable/c/dd831ac8221e691e9e918585b1003c7071df0379 kernel.org

Weakness Enumeration

CWE-ID CWE Name Source

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-40083
NVD Published Date:
10/29/2025
NVD Last Modified:
12/06/2025
Source:
kernel.org