CVE-2026-23064
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_ife: avoid possible NULL deref
tcf_ife_encode() must make sure ife_encode() does not return NULL.
syzbot reported:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166
CPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full)
Call Trace:
<TASK>
ife_encode_meta_u32+0x153/0x180 net/sched/act_ife.c:101
tcf_ife_encode net/sched/act_ife.c:841 [inline]
tcf_ife_act+0x1022/0x1de0 net/sched/act_ife.c:877
tc_act include/net/tc_wrapper.h:130 [inline]
tcf_action_exec+0x1c0/0xa20 net/sched/act_api.c:1152
tcf_exts_exec include/net/pkt_cls.h:349 [inline]
mall_classify+0x1a0/0x2a0 net/sched/cls_matchall.c:42
tc_classify include/net/tc_wrapper.h:197 [inline]
__tcf_classify net/sched/cls_api.c:1764 [inline]
tcf_classify+0x7f2/0x1380 net/sched/cls_api.c:1860
multiq_classify net/sched/sch_multiq.c:39 [inline]
multiq_enqueue+0xe0/0x510 net/sched/sch_multiq.c:66
dev_qdisc_enqueue+0x45/0x250 net/core/dev.c:4147
__dev_xmit_skb net/core/dev.c:4262 [inline]
__dev_queue_xmit+0x2998/0x46c0 net/core/dev.c:4798
net/sched: act_ife: avoid possible NULL deref
tcf_ife_encode() must make sure ife_encode() does not return NULL.
syzbot reported:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166
CPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full)
Call Trace:
<TASK>
ife_encode_meta_u32+0x153/0x180 net/sched/act_ife.c:101
tcf_ife_encode net/sched/act_ife.c:841 [inline]
tcf_ife_act+0x1022/0x1de0 net/sched/act_ife.c:877
tc_act include/net/tc_wrapper.h:130 [inline]
tcf_action_exec+0x1c0/0xa20 net/sched/act_api.c:1152
tcf_exts_exec include/net/pkt_cls.h:349 [inline]
mall_classify+0x1a0/0x2a0 net/sched/cls_matchall.c:42
tc_classify include/net/tc_wrapper.h:197 [inline]
__tcf_classify net/sched/cls_api.c:1764 [inline]
tcf_classify+0x7f2/0x1380 net/sched/cls_api.c:1860
multiq_classify net/sched/sch_multiq.c:39 [inline]
multiq_enqueue+0xe0/0x510 net/sched/sch_multiq.c:66
dev_qdisc_enqueue+0x45/0x250 net/core/dev.c:4147
__dev_xmit_skb net/core/dev.c:4262 [inline]
__dev_queue_xmit+0x2998/0x46c0 net/core/dev.c:4798
Vendor
Product
CWE
Yayın Tarihi
2026-02-04 17:16:17
Güncelleme
2026-03-13 21:28:09
Source Identifier
416baaa9-dc9f-4396-8d5f-8c081fb06d67
KEV Date Added
-
Kategoriler
Referanslar
https://git.kernel.org/stable/c/03710cebfc0bcfe247a9e04381e79ea33896e278
https://git.kernel.org/stable/c/1440d749fe49c8665da6f744323b1671d25a56a0
https://git.kernel.org/stable/c/27880b0b0d35ad1c98863d09788254e36f874968
https://git.kernel.org/stable/c/374915dfc932adf57712df3be010667fd1190e3c
https://git.kernel.org/stable/c/4ef2c77851676b7ed106f0c47755bee9eeec9a40
https://git.kernel.org/stable/c/6c75fed55080014545f262b7055081cec4768b20
https://git.kernel.org/stable/c/dd9442aedbeae87c44cc64c0ee41abd296dc008b