net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset

...

CVE-2026-22976

A flaw was found in the Linux kernel's schqfq Quick Fair Queueing scheduler. This vulnerability allows a local user to trigger a NULL pointer dereference in the qfqreset function. The issue arises when multiple qfqclass objects incorrectly reference the same leafqdisc, leading to an attempt to...

AZL-78446 CVE-2026-22976 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

UBUNTU-CVE-2026-22976

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which can trigger a null pointer derefrence exception when disabling inactive aggregation in qfqreset, potentially...