CVE-2026-43238

A flaw was found in the Linux kernel. A divide-by-zero vulnerability exists in the tcfskbedithash function within the networking scheduler component. This occurs when calculating the mappingmod value, where a large range wraps to zero, leading to a division by zero error. This flaw can cause a...

CVE-2026-43238

In the Linux kernel, the following vulnerability has been resolved: net/sched: actskbedit: fix divide-by-zero in tcfskbedithash Commit 38a6f0865796 "net: sched: support hash selecting tx queue" added SKBEDITFTXQSKBHASH support. The inclusive range size is computed as: mappingmod = queuemappingmax...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...

CVE-2026-31421

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsfw: fix NULL pointer dereference on shared blocks The old-method path in fwclassify calls tcfblockq and dereferences q-handle. Shared blocks leave block-q NULL, causing a NULL deref when an empty clsfw filter is...

CVE-2026-31422 net/sched: cls_flow: fix NULL pointer dereference on shared blocks

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsflow: fix NULL pointer dereference on shared blocks flowchange calls tcfblockq and dereferences q-handle to derive a default baseclass. Shared blocks leave block-q NULL, causing a NULL deref when a flow filter witho...

EUVD-2026-12808

In the Linux kernel, the following vulnerability has been resolved: net/sched: actgate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list. Convert the parameters to an RCU-protected snapshot and swap update...

UBUNTU-CVE-2026-23245

In the Linux kernel, the following vulnerability has been resolved: net/sched: actgate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list. Convert the parameters to an RCU-protected snapshot and swap update...

CVE-2026-23245 net/sched: act_gate: snapshot parameters with RCU on replace

In the Linux kernel, the following vulnerability has been resolved: net/sched: actgate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list. Convert the parameters to an RCU-protected snapshot and swap update...

CVE-2026-23064

CVE-2026-23064 affects the Linux kernel’s net/sched implementation, specifically the act_ife action. The vulnerability is a NULL pointer dereference in tcf_ife_encode()/ife_encode() that could trigger a general protection fault/oops when a NULL is encountered. The provided trace shows the fault p...

CVE-2026-22987

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...

CVE-2026-22987

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...

CVE-2026-22987 net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...

CVE-2026-22987

CVE-2026-22987 concerns the Linux kernel net/sched subsystem. The issue arises when tcf_idrinfo_destroy() can pass an ERR_PTR(-EBUSY) as a tc_action pointer during netns teardown, leading to a dereference of an error pointer in tc_act_in_hw(). The fix adds a guard to skip ERR_PTR entries while it...

CVE-2026-22987

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a possible cancellation of reference pointer in tcfidrinfodestroy, potentially leading to crashes...

CVE-2023-29121

Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system...

PT-2026-4487

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s networking scheduler related to traffic control and action API handling. Specifically, the issue involves a potential invalid memory dereference withi...

PT-2026-26048

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue in the networking scheduler net/sched related to the act gate action. Specifically, the act gate action can be replaced while a hrtimer callback or dum...

CVE-2025-40279 net: sched: act_connmark: initialize struct tc_ife to fix kernel leak

In the Linux kernel, the following vulnerability has been resolved: net: sched: actconnmark: initialize struct tcife to fix kernel leak In tcfconnmarkdump, the variable 'opt' was partially initialized using a designatied initializer. While the padding bytes are reamined uninitialized. nlaput copi...

kernel: net/sched: cls_api: fix error handling causing NULL dereference

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: fix error handling causing NULL dereference tcfextsmisscookiebasealloc calls xaalloccyclic which can return 1 if the allocation succeeded after wrapping. This was treated as an error, with value 1 returned to...