11 matches found
CVE-2026-43035
In the Linux kernel, the following vulnerability has been resolved: net: sched: clsapi: fix tcchainfillnode to initialize tcminfo to zero to prevent an info-leak When building netlink messages, tcchainfillnode never initializes the tcminfo field of struct tcmsg. Since the allocation is not zeroed...
CVE-2026-43035
The CVE affects the Linux kernel net: sched: cls_api code path tc_chain_fill_node, where tcm_info in struct tcmsg was not initialized, leaking heap memory to userspace via a 4-byte field. The fix zeros tcm_info alongside other initialized fields. Affected/patched details from connected docs: upst...
EUVD-2023-60448
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: remove blockcb from driverlist before freeing Error handler of tcfblockbind frees the whole bo-cblist on error. However, by that time the flowblockcb instances are already in the driver list because driver...
CVE-2023-54193
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: remove blockcb from driverlist before freeing Error handler of tcfblockbind frees the whole bo-cblist on error. However, by that time the flowblockcb instances are already in the driver list because driver...
CVE-2023-54193 net/sched: cls_api: remove block_cb from driver_list before freeing
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: remove blockcb from driverlist before freeing Error handler of tcfblockbind frees the whole bo-cblist on error. However, by that time the flowblockcb instances are already in the driver list because driver...
CVE-2023-54193
CVE-2023-54193 concerns the Linux kernel net/sched cls_api. The issue is a use-after-free caused by flow_block_cb objects remaining in the driver_list when tcf_block_bind() error frees the bo->cb_list; flow_block_cb instances may already be in the driver_list due to the earlier ndo_setup_tc() ...
kernel: net/sched: cls_api: fix error handling causing NULL dereference
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: fix error handling causing NULL dereference tcfextsmisscookiebasealloc calls xaalloccyclic which can return 1 if the allocation succeeded after wrapping. This was treated as an error, with value 1 returned to...
Astra Linux - уязвимость в linux-6.12
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: fix error handling causing NULL dereference tcfextsmisscookiebasealloc calls xaalloccyclic which can return 1 if the allocation succeeded after wrapping. This was treated as an error, with value 1 returned to...
AZL-58511 CVE-2025-21857 affecting package kernel for versions less than 6.6.82.1-1
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: fix error handling causing NULL dereference tcfextsmisscookiebasealloc calls xaalloccyclic which can return 1 if the allocation succeeded after wrapping. This was treated as an error, with value 1 returned to...
CVE-2025-21857 net/sched: cls_api: fix error handling causing NULL dereference
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: fix error handling causing NULL dereference tcfextsmisscookiebasealloc calls xaalloccyclic which can return 1 if the allocation succeeded after wrapping. This was treated as an error, with value 1 returned to...
kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c
A use-after-free vulnerability was found in the tcnewtfilter function in net/sched/clsapi.c in the Linux kernel. The availability of local, unprivileged user namespaces allows privilege escalation...