CVE-2026-22987

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-22987
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22987.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-22987
Downstream
Published
2026-01-23T15:24:08.865Z
Modified
2026-02-09T19:33:53.735194Z
Summary
net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy

syzbot reported a crash in tcactinhw() during netns teardown where tcfidrinfodestroy() passed an ERRPTR(-EBUSY) value as a tc_action pointer, leading to an invalid dereference.

Guard against ERRPTR entries when iterating the action IDR so teardown does not call tcactinhw() on an error pointer.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22987.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
84a7d6797e6a03705e6b48c613fa424662049d87
Fixed
67550a1130b647bb0d093c9c0a810c69aa6a30a8
Fixed
adb25a46dc0a43173f5ea5f5f58fc8ba28970c7c

Affected versions

v6.*
v6.16
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.18
v6.18-rc1
v6.18-rc2
v6.18-rc3
v6.18-rc4
v6.18-rc5
v6.18-rc6
v6.18-rc7
v6.18.1
v6.18.2
v6.18.3
v6.18.4
v6.18.5
v6.19-rc1
v6.19-rc2
v6.19-rc3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22987.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.17.0
Fixed
6.18.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22987.json"