CVE-2026-23064

MEDIUM EPSS 2.4%
Published Feb 4, 20264mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 4, 2026 4mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166 CPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full) Call Trace: <TASK> ife_encode_meta_u32+0x153/0x180 net/sched/act_ife.c:101 tcf_ife_encode net/sched/act_ife.c:841 [inline] tcf_ife_act+0x1022/0x1de0 net/sched/act_ife.c:877 tc_act include/net/tc_wrapper.h:130 [inline] tcf_action_exec+0x1c0/0xa20 net/sched/act_api.c:1152 tcf_exts_exec include/net/pkt_cls.h:349 [inline] mall_classify+0x1a0/0x2a0 net/sched/cls_matchall.c:42 tc_classify include/net/tc_wrapper.h:197 [inline] __tcf_classify net/sched/cls_api.c:1764 [inline] tcf_classify+0x7f2/0x1380 net/sched/cls_api.c:1860 multiq_classify net/sched/sch_multiq.c:39 [inline] multiq_enqueue+0xe0/0x510 net/sched/sch_multiq.c:66 dev_qdisc_enqueue+0x45/0x250 net/core/dev.c:4147 __dev_xmit_skb net/core/dev.c:4262 [inline] __dev_queue_xmit+0x2998/0x46c0 net/core/dev.c:4798

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥4.11  –  <5.10.249
linuxlinux_kernel*≥5.11  –  <5.15.199
linuxlinux_kernel*≥5.16  –  <6.1.162
linuxlinux_kernel*≥6.2  –  <6.6.122
linuxlinux_kernel*≥6.7  –  <6.12.68
linuxlinux_kernel*≥6.13  –  <6.18.8
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/03710cebfc0bcfe247a9e04381e79ea33896e278
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1440d749fe49c8665da6f744323b1671d25a56a0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/27880b0b0d35ad1c98863d09788254e36f874968
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/374915dfc932adf57712df3be010667fd1190e3c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4ef2c77851676b7ed106f0c47755bee9eeec9a40
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6c75fed55080014545f262b7055081cec4768b20
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dd9442aedbeae87c44cc64c0ee41abd296dc008b
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/03710cebfc0bcfe247a9e04381e79ea33896e278
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1440d749fe49c8665da6f744323b1671d25a56a0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/27880b0b0d35ad1c98863d09788254e36f874968
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/374915dfc932adf57712df3be010667fd1190e3c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4ef2c77851676b7ed106f0c47755bee9eeec9a40
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6c75fed55080014545f262b7055081cec4768b20
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dd9442aedbeae87c44cc64c0ee41abd296dc008b
    Patch