5.5

CVE-2026-23064

EPSS 0.02%
Veröffentlicht 04.02.2026 16:07:46
Zuletzt bearbeitet 13.03.2026 21:28:09
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_ife: avoid possible NULL deref

tcf_ife_encode() must make sure ife_encode() does not return NULL.

syzbot reported:

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
 RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166
CPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full)
Call Trace:
 <TASK>
  ife_encode_meta_u32+0x153/0x180 net/sched/act_ife.c:101
  tcf_ife_encode net/sched/act_ife.c:841 [inline]
  tcf_ife_act+0x1022/0x1de0 net/sched/act_ife.c:877
  tc_act include/net/tc_wrapper.h:130 [inline]
  tcf_action_exec+0x1c0/0xa20 net/sched/act_api.c:1152
  tcf_exts_exec include/net/pkt_cls.h:349 [inline]
  mall_classify+0x1a0/0x2a0 net/sched/cls_matchall.c:42
  tc_classify include/net/tc_wrapper.h:197 [inline]
  __tcf_classify net/sched/cls_api.c:1764 [inline]
  tcf_classify+0x7f2/0x1380 net/sched/cls_api.c:1860
  multiq_classify net/sched/sch_multiq.c:39 [inline]
  multiq_enqueue+0xe0/0x510 net/sched/sch_multiq.c:66
  dev_qdisc_enqueue+0x45/0x250 net/core/dev.c:4147
  __dev_xmit_skb net/core/dev.c:4262 [inline]
  __dev_queue_xmit+0x2998/0x46c0 net/core/dev.c:4798

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.11 < 5.10.249

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.199

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.162

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.122

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.68

Linux ≫ Linux Kernel Version >= 6.13 < 6.18.8

Linux ≫ Linux Kernel Version6.19 Updaterc1

Linux ≫ Linux Kernel Version6.19 Updaterc2

Linux ≫ Linux Kernel Version6.19 Updaterc3

Linux ≫ Linux Kernel Version6.19 Updaterc4

Linux ≫ Linux Kernel Version6.19 Updaterc5

Linux ≫ Linux Kernel Version6.19 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.03

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/03710cebfc0bcfe247a9e04381e79ea33896e278

Patch

https://git.kernel.org/stable/c/374915dfc932adf57712df3be010667fd1190e3c

Patch

https://git.kernel.org/stable/c/6c75fed55080014545f262b7055081cec4768b20

Patch

https://git.kernel.org/stable/c/27880b0b0d35ad1c98863d09788254e36f874968

Patch

https://git.kernel.org/stable/c/1440d749fe49c8665da6f744323b1671d25a56a0

Patch

https://git.kernel.org/stable/c/4ef2c77851676b7ed106f0c47755bee9eeec9a40

Patch

https://git.kernel.org/stable/c/dd9442aedbeae87c44cc64c0ee41abd296dc008b

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-23064

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23064

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23064

EUVD