Description
In the Linux kernel, the following vulnerability has been resolved:

net/sched: netem: fix queue limit check to include reordered packets

The queue limit check in netem_enqueue() uses q->t_len which only
counts packets in the internal tfifo. Packets placed in sch->q by
the reorder path (__qdisc_enqueue_head) are not counted, allowing
the total queue occupancy to exceed sch->limit under reordering.

Include sch->q.qlen in the limit check.
Published: 2026-06-24
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The bug in the netem enqueue logic meant that reordered packets were not counted against the scheduler's queue limit. As a result, the queue could grow beyond its intended bound, potentially consuming excessive kernel memory and degrading system performance or causing a denial of service. The flaw is a logical oversight in the size check rather than an injection or memory corruption bug.
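
The accounting gap described above, as a simplified user-space model added here for illustration (not the kernel's code or the upstream patch). The struct, the function names and the no-dequeue scenario are assumptions; only `q->t_len`, `sch->q.qlen` and `sch->limit` come from the advisory text.

```c
#include <stdio.h>

/* Simplified model (assumption): tracks only the counters named in the
 * advisory. Real netem timing, skbs and dequeue are deliberately omitted. */
struct netem_model {
    unsigned int limit;  /* stands in for sch->limit */
    unsigned int t_len;  /* stands in for q->t_len (internal tfifo) */
    unsigned int qlen;   /* stands in for sch->q.qlen (reorder path) */
};

/* Returns 1 if the packet is accepted, 0 if it is dropped.
 * fixed == 0: limit check looks at t_len only (behaviour described as buggy).
 * fixed == 1: limit check also counts qlen (behaviour described as the fix). */
static int model_enqueue(struct netem_model *m, int reordered, int fixed)
{
    unsigned int counted = fixed ? m->t_len + m->qlen : m->t_len;

    if (counted >= m->limit)
        return 0;
    if (reordered)
        m->qlen++;   /* models placement in sch->q by the reorder path */
    else
        m->t_len++;  /* models placement in the tfifo */
    return 1;
}

/* Offers n packets with no dequeue in between; every reorder_every-th packet
 * takes the reorder path (0 = never). Returns the resulting total occupancy. */
static unsigned int peak_occupancy(unsigned int limit, unsigned int n,
                                   unsigned int reorder_every, int fixed)
{
    struct netem_model m = { limit, 0, 0 };

    for (unsigned int i = 1; i <= n; i++)
        model_enqueue(&m, reorder_every && i % reorder_every == 0, fixed);
    return m.t_len + m.qlen;
}

int main(void)
{
    /* Constructed scenario: limit 100, 1000 packets offered. */
    printf("all reordered, t_len-only check: %u\n", peak_occupancy(100, 1000, 1, 0));
    printf("all reordered, combined check:   %u\n", peak_occupancy(100, 1000, 1, 1));
    printf("half reordered, t_len-only:      %u\n", peak_occupancy(100, 1000, 2, 0));
    printf("half reordered, combined:        %u\n", peak_occupancy(100, 1000, 2, 1));
    return 0;
}
```

With the combined check the total never exceeds the configured limit, which is the property to confirm on a patched kernel.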

Affected Systems

All Linux kernel versions that include the netem qdisc and have not received the commit that corrects the queue limit check are affected. The kernel is distributed by all major Linux vendors. The fix is documented in the upstream commit history.

Risk and Exploitability

Given that the vulnerability requires network traffic that triggers packet reordering, an attacker could send crafted traffic to a host running the affected kernel to flood its traffic shaping queue. There is no direct code execution path, but a sustained attack could exhaust kernel resources. The CVSS score is not provided, and EPSS data is unavailable; the issue is not listed in CISA’s KEV catalog, suggesting limited public exploitation. Nonetheless, the risk is sufficient to warrant patching.

Generated by OpenCVE AI on June 24, 2026 at 18:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the netem queue limit check fix (see vendor update advisories).
  • Reboot or reload the new kernel to activate the change.
  • If the host relies on netem for traffic shaping, verify that the new kernel respects maximum queue limits and that delayed packets are properly accounted for.
  • Optionally disable the netem qdisc on interfaces not requiring traffic shaping to eliminate the risk footprint.


Advisories

No advisories yet.

History

Wed, 24 Jun 2026 19:00:00 +0000

  • Type: Weaknesses
    Values Removed: (none)
    Values Added: CWE-119, CWE-400

Wed, 24 Jun 2026 17:15:00 +0000

  • Type: Description
    Values Removed: (none)
    Values Added: In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: fix queue limit check to include reordered packets The queue limit check in netem_enqueue() uses q->t_len which only counts packets in the internal tfifo. Packets placed in sch->q by the reorder path (__qdisc_enqueue_head) are not counted, allowing the total queue occupancy to exceed sch->limit under reordering. Include sch->q.qlen in the limit check.
  • Type: Title
    Values Removed: (none)
    Values Added: net/sched: netem: fix queue limit check to include reordered packets
  • Type: First Time appeared
    Values Removed: (none)
    Values Added: Linux; Linux linux Kernel
  • Type: CPEs
    Values Removed: (none)
    Values Added: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Type: Vendors & Products
    Values Removed: (none)
    Values Added: Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:28:59.088Z

Reserved: 2026-06-09T07:44:35.376Z

Link: CVE-2026-52984

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T18:45:05Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-400

    Uncontrolled Resource Consumption