-

CVE-2026-52997

net/sched: sch_dualpi2: drain both C-queue and L-queue in dualpi2_change()

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_dualpi2: drain both C-queue and L-queue in dualpi2_change()

Fix dualpi2_change() to correctly enforce updated limit and memlimit
values after a configuration change of the dualpi2 qdisc.

Before this patch, dualpi2_change() always attempted to dequeue packets
via the root qdisc (C-queue) when reducing backlog or memory usage, and
unconditionally assumed that a valid skb will be returned. When traffic
classification results in packets being queued in the L-queue while the
C-queue is empty, this leads to a NULL skb dereference during limit or
memlimit enforcement.

This is fixed by first dequeuing from the C-queue path if it is
non-empty. Once the C-queue is empty, packets are dequeued directly from
the L-queue. Return values from qdisc_dequeue_internal() are checked for
both queues. When dequeuing from the L-queue, the parent qdisc qlen and
backlog counters are updated explicitly to keep overall qdisc statistics
consistent.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 320d031ad6e4d67e8e1ab08ac71efda02bc85683
Version < 86cf2eba2056bcf9c41fba260e599bd95bf9943b
Status affected
Version 320d031ad6e4d67e8e1ab08ac71efda02bc85683
Version < 3042add80c2c50bd127d570b83319af612efde65
Status affected
Version 320d031ad6e4d67e8e1ab08ac71efda02bc85683
Version < 478ed6b7d2577439c610f91fa8759a4c878a4264
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.17
Status affected
Version 0
Version < 6.17
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.07
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/86cf2eba2056bcf9c41fba260e599bd95bf9943b
https://git.kernel.org/stable/c/3042add80c2c50bd127d570b83319af612efde65
https://git.kernel.org/stable/c/478ed6b7d2577439c610f91fa8759a4c878a4264