CVE-2026-22987

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-22987
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22987.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-22987
Downstream
Published
2026-01-23T15:24:08.865Z
Modified
2026-04-02T13:11:39.502114Z
Summary
net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy

syzbot reported a crash in tcactinhw() during netns teardown where tcfidrinfodestroy() passed an ERRPTR(-EBUSY) value as a tc_action pointer, leading to an invalid dereference.

Guard against ERRPTR entries when iterating the action IDR so teardown does not call tcactinhw() on an error pointer.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22987.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
84a7d6797e6a03705e6b48c613fa424662049d87
Fixed
67550a1130b647bb0d093c9c0a810c69aa6a30a8
Fixed
adb25a46dc0a43173f5ea5f5f58fc8ba28970c7c

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22987.json"