DEBIAN-CVE-2025-68325
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that the parent qdisc will enqueue the current packet. However, this assumption breaks when cake_enqueue() returns NET_XMIT_CN: the parent qdisc stops enqueuing current packet, leaving the tree qlen/backlog accounting inconsistent. This mismatch can lead to a NULL dereference (e.g., when the parent Qdisc is qfq_qdisc). This patch computes the qlen/backlog delta in a more robust way by observing the difference before and after the series of cake_drop() calls, and then compensates the qdisc tree accounting if cake_enqueue() returns NET_XMIT_CN. To ensure correct compensation when ACK thinning is enabled, a new variable is introduced to keep qlen unchanged.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux | 5.10.179-4, 5.10.179-3, 5.10.113-1 |
| Debian:13 | linux | 6.12.43-1, 6.12.48-1, 6.12.43-1~bpo12+1 |
| Debian:12 | linux | 6.1.129-1, 0, 6.1.106-1 |
| Debian:14 | linux | 6.15-1~exp1, *, * |
| Debian:11 | linux-6.1 | 0, 6.1.106-3, 6.1.106-3 |
Exploit Intelligence
- PoC CVE-2025-68325 (github-poc)
Timeline
- Dec 18, 2025 CVE Published
- Apr 28, 2026 CVE Updated