CVE-2026-23064

EPSS -
Veröffentlicht 04.02.2026 16:07:46
Zuletzt bearbeitet 04.02.2026 17:16:17
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_ife: avoid possible NULL deref

tcf_ife_encode() must make sure ife_encode() does not return NULL.

syzbot reported:

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
 RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166
CPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full)
Call Trace:
 <TASK>
  ife_encode_meta_u32+0x153/0x180 net/sched/act_ife.c:101
  tcf_ife_encode net/sched/act_ife.c:841 [inline]
  tcf_ife_act+0x1022/0x1de0 net/sched/act_ife.c:877
  tc_act include/net/tc_wrapper.h:130 [inline]
  tcf_action_exec+0x1c0/0xa20 net/sched/act_api.c:1152
  tcf_exts_exec include/net/pkt_cls.h:349 [inline]
  mall_classify+0x1a0/0x2a0 net/sched/cls_matchall.c:42
  tc_classify include/net/tc_wrapper.h:197 [inline]
  __tcf_classify net/sched/cls_api.c:1764 [inline]
  tcf_classify+0x7f2/0x1380 net/sched/cls_api.c:1860
  multiq_classify net/sched/sch_multiq.c:39 [inline]
  multiq_enqueue+0xe0/0x510 net/sched/sch_multiq.c:66
  dev_qdisc_enqueue+0x45/0x250 net/core/dev.c:4147
  __dev_xmit_skb net/core/dev.c:4262 [inline]
  __dev_queue_xmit+0x2998/0x46c0 net/core/dev.c:4798

Betroffene Produkte Warnungen 0 Metriken 0 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 03710cebfc0bcfe247a9e04381e79ea33896e278

Version 295a6e06d21e1f469c9f38b00125a13b60ad4e7c

Status affected

Version < 374915dfc932adf57712df3be010667fd1190e3c

Version 295a6e06d21e1f469c9f38b00125a13b60ad4e7c

Status affected

Version < 6c75fed55080014545f262b7055081cec4768b20

Version 295a6e06d21e1f469c9f38b00125a13b60ad4e7c

Status affected

Version < 27880b0b0d35ad1c98863d09788254e36f874968

Version 295a6e06d21e1f469c9f38b00125a13b60ad4e7c

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.11

Status affected

Version < 4.11

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.122

Status unaffected

Version <= 6.12.*

Version 6.12.68

Status unaffected

Version <= 6.18.*

Version 6.18.8

Status unaffected

Version <= *

Version 6.19-rc7

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

Es wurden noch keine Metriken (CVSS, EPSS) zu dieser CVE veröffentlicht.

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/03710cebfc0bcfe247a9e04381e79ea33896e278

https://git.kernel.org/stable/c/374915dfc932adf57712df3be010667fd1190e3c

https://git.kernel.org/stable/c/6c75fed55080014545f262b7055081cec4768b20

https://git.kernel.org/stable/c/27880b0b0d35ad1c98863d09788254e36f874968

https://nvd.nist.gov/vuln/detail/CVE-2026-23064

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23064

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23064

EUVD