304 matches found
CVE-2026-23064
CVE-2026-23064 affects the Linux kernel’s net/sched implementation, specifically the act_ife action. The vulnerability is a NULL pointer dereference in tcf_ife_encode()/ife_encode() that could trigger a general protection fault/oops when a NULL is encountered. The provided trace shows the fault p...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fixed a race condition in qfqaggregate. A race condition can occur when qfqchangeagg is modified called during qfqenqueue while other threads access it concurrently. For example, qfqdumpclass may trigger a NULL...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netsched: drr: A double addition was corrected in the class, where netem is a child qdisc. As described in Gerrard’s report 1, there are use cases where a netem child qdisc can make the parent qdisc’s enqueue callback reentrant. ...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netsched: hfsc: Fixed a potential UAF in hfscdequeue. Similarly to the previous patch, we also need to properly protect hfscdequeue. However, for this issue, we do not have a reliable way to reproduce the problem...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: A UAF vulnerability has been fixed in classes where netem is a child qdisc. As described in Gerrard’s report 1, there is a UAF case when an hfsc class has a netem child qdisc. The core issue is that hfsc assumes...
UBUNTU-CVE-2026-22987
In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...
CVE-2026-22987
In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...
CVE-2026-22976
In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...
CLSA-2026-1768895798 kernel: Fix of 7 CVEs
fs/proc: fix uaf in procreaddirde CVE-2025-40271 - fs: fix UAF/GPF bug in nilfsmdtdestroy CVE-2022-2978 - Bluetooth: L2CAP: fix "bad unlock balance" in l2capdisconnectrsp CVE-2023-53297 - net: sched: sfb: fix null pointer access issue when sfbinit fails CVE-2022-50356 - ALSA: usb-audio: Fix size...
net/sched: ets: Remove drr class from the active list if it changes to strict
...
PT-2026-2547
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0-rc7-00105-g7e9f13163c13-dirty Description The Linux kernel contains an issue within the ets scheduling class. When a user changes a drr class to a strict one, the code fails to check if that class is prese...
MiracleLinux 8 : kernel-4.18.0-553.75.1.el8_10 (AXSA:2025-10889:70)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10889:70 advisory. kernel: net: usb: smsc75xx: Limit packet length to skb-len CVE-2023-53125 kernel: net/sched: Always pass notifications when child class becomes emp...
PT-2026-6134
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the networking subsystem, specifically in the net/sched component related to the act ife functionality. The issue arises from a potential NULL...
CVE-2023-54251
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: Limit TCATAPRIOATTRSCHEDCYCLETIME to INTMAX. syzkaller found zero division error 0 in divs64rem called from getcycletimeelapsed, where sched-cycletime is the divisor. We have tests in parsetaprioschedule so tha...
CVE-2023-54193 net/sched: cls_api: remove block_cb from driver_list before freeing
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: remove blockcb from driverlist before freeing Error handler of tcfblockbind frees the whole bo-cblist on error. However, by that time the flowblockcb instances are already in the driver list because driver...
net/sched: Always pass notifications when child class becomes empty
...
CVE-2025-68200
In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpfprogrundatapointers syzbot found that clsbpfclassify is able to change tcskbcbskb-dropreason triggering a warning in skskbreasondrop. WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 skskbreasondrop...
UBUNTU-CVE-2025-68232
In the Linux kernel, the following vulnerability has been resolved: veth: more robust handing of race to avoid txq getting stuck Commit dc82a33297fc "veth: apply qdisc backpressure on full ptrring to reduce TX drops" introduced a race condition that can lead to a permanently stalled TXQ. This was...
net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
...
net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
...