CVE-2026-23204
Published: Feb 14, 2026
Modified: Jun 1, 2026
CVSS v3.1
7.1
Description
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d - < 29681ed51e737be14d18ecd1c304c57002e4b72caffected fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d - < cfa745830e45ecb75c061aa34330ee0cac941cc7affected fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d - < 13336a6239b9d7c6e61483017bb8bdfe3ceb10a5affected fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d - < e41a23e61259f5526af875c3b86b3d42a9bae0e5affected fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d - < 8a672f177ebe19c93d795fbe967846084fbc7943+1 more versions |
Linux | Linux | affected 2.6.35unaffected 0 - < 2.6.35unaffected 5.15.209 - <= 5.15.*unaffected 6.1.167 - <= 6.1.*unaffected 6.6.124 - <= 6.6.*+3 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now