CVE-2026-23204

High CVSS: 7.1

In the Linux kernel, the following vulnerability has been resolved:

net/sched: cls_u32: use skb_header_pointer_careful()

skb_header_pointer() does not fully validate negative @offset values.

Use skb_header_pointer_careful() instead.

GangMin Kim provided a report and a repro fooling u32_classify():

BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0
net/sched/cls_u32.c:221

Vendor

Linux

Product

Linux Kernel

CWE

CWE-125

Yayın Tarihi

2026-02-14 17:15:58

Güncelleme

2026-04-03 14:16:27

Source Identifier

416baaa9-dc9f-4396-8d5f-8c081fb06d67

KEV Date Added

Kategoriler

CWE-125 Linux Kernel HIGH Linux 2026

Referanslar

https://git.kernel.org/stable/c/13336a6239b9d7c6e61483017bb8bdfe3ceb10a5 https://git.kernel.org/stable/c/8a672f177ebe19c93d795fbe967846084fbc7943 https://git.kernel.org/stable/c/cabd1a976375780dabab888784e356f574bbaed8 https://git.kernel.org/stable/c/cfa745830e45ecb75c061aa34330ee0cac941cc7 https://git.kernel.org/stable/c/e41a23e61259f5526af875c3b86b3d42a9bae0e5

Benzer Kayıtlar

Medium

CVE-2026-23238

In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize() return value romfs…

Medium

CVE-2026-23237

In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL po…

High

CVE-2026-23236

In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kerne…

High

CVE-2026-23235

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute r…

High

CVE-2026-23234

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_write_end_io() As s…

High

CVE-2026-23233

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for…