CVE-2026-31422
Published: Apr 13, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_flow: fix NULL pointer dereference on shared blocks flow_change() calls tcf_block_q() and dereferences q->handle to derive a default baseclass. Shared blocks leave block->q NULL, causing a NULL deref when a flow filter without a fully qualified baseclass is created on a shared block. Check tcf_block_shared() before accessing block->q and return -EINVAL for shared blocks. This avoids the null-deref shown below: ======================================================================= KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] RIP: 0010:flow_change (net/sched/cls_flow.c:508) Call Trace: tc_new_tfilter (net/sched/cls_api.c:2432) rtnetlink_rcv_msg (net/core/rtnetlink.c:6980) [...] =======================================================================
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1abf272022cf1d18469405f47b4ec49c6a3125db - < 57f94ac7e953eece5ed4819605a18f3cdfc63dccaffected 1abf272022cf1d18469405f47b4ec49c6a3125db - < 942813276edeb1741fa5b0a73471beb4e495fa08affected 1abf272022cf1d18469405f47b4ec49c6a3125db - < cc707a4fd4c3b6ab2722e06bc359aa010e13d408affected 1abf272022cf1d18469405f47b4ec49c6a3125db - < 4a09f72007201c9f667dc47f64517ec23eea65e5affected 1abf272022cf1d18469405f47b4ec49c6a3125db - < 9bf5fc36a43f7b8b5507c96e74fb81f1e8b4957e+3 more versions |
Linux | Linux | affected 4.15unaffected 0 - < 4.15unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.168 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now