CVE-2026-22999
CVE-2026-22999 is addressed by fixes in the Linux kernel's net/sched code: sch_qfq now avoids freeing an existing class in qfq_change_class() unless a new class and qdisc are allocated, preventing potential use-after-free (UAF). The Ubuntu/Ubuntu USN and SUSE SUSE-SU-2026:1305-1 advisories list t...