Description
In the Linux kernel, the following vulnerability has been resolved:

net/sched: netem: fix queue limit check to include reordered packets

The queue limit check in netem_enqueue() uses q->t_len which only
counts packets in the internal tfifo. Packets placed in sch->q by
the reorder path (__qdisc_enqueue_head) are not counted, allowing
the total queue occupancy to exceed sch->limit under reordering.

Include sch->q.qlen in the limit check.
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The bug in the netem enqueue logic meant that reordered packets were not counted against the scheduler's queue limit. As a result, the queue could grow beyond its intended bound, potentially consuming excessive kernel memory and degrading system performance or causing a denial of service. The flaw is a logical oversight in the size check rather than an injection or memory corruption bug.

Affected Systems

All Linux kernel versions that include the netem qdisc and have not received the commit that corrects the queue limit check are affected. The kernel is distributed by all major Linux vendors. The fix is documented in the upstream commit history.

Risk and Exploitability

Based on the description, it is inferred that the vulnerability requires network traffic that triggers packet reordering; an attacker could send crafted traffic to a host running the affected kernel to flood its traffic shaping queue. There is no direct code execution path, but a sustained attack could exhaust kernel resources. The CVSS score is 5.5, indicating moderate severity. The EPSS score is < 1 %, and the issue is not listed in CISA’s KEV catalog, suggesting limited public exploitation. Nonetheless, the risk is sufficient to warrant patching.

Generated by OpenCVE AI on June 26, 2026 at 05:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the netem queue limit check fix (see vendor update advisories).
  • Reboot or reload the new kernel to activate the change.
  • If the host relies on netem for traffic shaping, verify that the new kernel respects maximum queue limits and that delayed packets are properly accounted for.
  • Optionally disable the netem qdisc on interfaces not requiring traffic shaping to eliminate the risk footprint.

Generated by OpenCVE AI on June 26, 2026 at 05:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Fri, 26 Jun 2026 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-400

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 24 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-400

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: fix queue limit check to include reordered packets The queue limit check in netem_enqueue() uses q->t_len which only counts packets in the internal tfifo. Packets placed in sch->q by the reorder path (__qdisc_enqueue_head) are not counted, allowing the total queue occupancy to exceed sch->limit under reordering. Include sch->q.qlen in the limit check.
Title net/sched: netem: fix queue limit check to include reordered packets
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:28:59.088Z

Reserved: 2026-06-09T07:44:35.376Z

Link: CVE-2026-52984

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-52984 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T05:30:17Z

Weaknesses
  • CWE-770

    Allocation of Resources Without Limits or Throttling