Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fixed a NULL dereference when deactivating an inactive aggregate in qfqreset. qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. Th...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013504)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013504 advisory. In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bfqexiticqbfqq Commit 64dc8c732f5c block, bfq: fix possible uaf f...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005191)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005191 advisory. In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: don't allow 1 packet limit The current implementation does not work correctly...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004955)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004955 advisory. In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: fix a potential crash on gsoskb handling SFQ has an assumption of always being...

UBUNTU-CVE-2026-22999

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: do not free existing class in qfqchangeclass Fixes qfqchangeclass error case. cl-qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF...

CVE-2026-22976

A flaw was found in the Linux kernel's schqfq Quick Fair Queueing scheduler. This vulnerability allows a local user to trigger a NULL pointer dereference in the qfqreset function. The issue arises when multiple qfqclass objects incorrectly reference the same leafqdisc, leading to an attempt to...

CVE-2026-22976

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

CVE-2026-22976

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

CVE-2026-22976

CVE-2026-22976 affects the Linux kernel’s net/sched sch_qfq, where two qfq_class objects can reference the same leaf_qdisc. In certain teardown paths (e.g., when a qdisc is pending destruction via tc_new_tfilter and another qdisc is root-attached), a shared leaf_qdisc may have q.qlen > 0 while...

ROS-20260119-7309

A vulnerability in the net/sched/schsfq.c component of the Linux operating system kernel is related to unchecked array indexing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails

A null pointer dereference exists in the linux kernel, such that when sfbinit fails qdisc is NULL, and it will cause gpf issue, leading to damage to the availability of the system...

PT-2025-44277

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s sch qfq scheduler within the agg dequeue function net/sched/sch qfq.c. A null dereference could occur when cl-qdisc-ops-peekcl-qdisc returns NULL,...

SUSE-SU-2025:20819-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_2

This update for kernel-livepatch-MICRO-6-0-RTUpdate2 fixes the following issues: - CVE-2024-50154: tcp/dccp: Don't use timerpending in reqskqueueunlink bsc1233072 - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing bsc1237048 - CVE-2025-21791: vrf: use RCU protection in l3mdevl3out bsc124074...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_6

This update for kernel-livepatch-MICRO-6-0-RTUpdate6 fixes the following issues: CVE-2025-38089: sunrpc: handle SVCGARBAGE during svc auth processing as auth error bsc1245509 CVE-2025-38477: net/sched: schqfq: Fix race condition on qfqaggregate bsc1247315 Patch Instructions: To install this SUSE...

SUSE-SU-2025:20815-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_6

This update for kernel-livepatch-MICRO-6-0-RTUpdate6 fixes the following issues: - CVE-2025-38089: sunrpc: handle SVCGARBAGE during svc auth processing as auth error bsc1245509 - CVE-2025-38477: net/sched: schqfq: Fix race condition on qfqaggregate bsc1247315...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_4

This update for kernel-livepatch-MICRO-6-0-RTUpdate4 fixes the following issues: CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing bsc1237048 CVE-2025-21791: vrf: use RCU protection in l3mdevl3out bsc1240744 CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket...

Security update for kernel-livepatch-MICRO-6-0_Update_4

This update for kernel-livepatch-MICRO-6-0Update4 fixes the following issues: CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing bsc1237048 CVE-2025-21791: vrf: use RCU protection in l3mdevl3out bsc1240744 CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket bsc1243650...

CVE-2023-53624 net/sched: sch_fq: fix integer overflow of "credit"

In the Linux kernel, the following vulnerability has been resolved: net/sched: schfq: fix integer overflow of "credit" if schfq is configured with "initial quantum" having values greater than INTMAX, the first assignment of "credit" does signed integer overflow to a very negative value. In this...

CVE-2023-53500

CVE-2023-53500 concerns the Linux kernel xfrm path. The issue is a slab-use-after-free in decode_session6 that can occur when an xfrm device is enqueued on a qdisc of type sfb, where the skb cb field may be modified during transmission. This leads to a use-after-free on the skb’s memory during IP...

kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix race condition on qfqaggregate A race condition can occur when 'agg' is modified in qfqchangeagg called during qfqenqueue while other threads access it concurrently. For example, qfqdumpclass may trigger a...