CVE-2026-23204
- Source
- https://cve.org/CVERecord?id=CVE-2026-23204
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23204.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-23204
- Downstream
- Related
- Published
- 2026-02-14T16:27:27.708Z
- Modified
- 2026-03-31T17:29:30.196840Z
- Summary
- net/sched: cls_u32: use skb_header_pointer_careful()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net/sched: clsu32: use skbheaderpointercareful()
skbheaderpointer() does not fully validate negative @offset values.
Use skbheaderpointer_careful() instead.
GangMin Kim provided a report and a repro fooling u32_classify():
BUG: KASAN: slab-out-of-bounds in u32classify+0x1180/0x11b0 net/sched/clsu32.c:221
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23204.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/13336a6239b9d7c6e61483017bb8bdfe3ceb10a5
- https://git.kernel.org/stable/c/8a672f177ebe19c93d795fbe967846084fbc7943
- https://git.kernel.org/stable/c/cabd1a976375780dabab888784e356f574bbaed8
- https://git.kernel.org/stable/c/e41a23e61259f5526af875c3b86b3d42a9bae0e5
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23204.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23204
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfbc2e7d9cf49e0bf89b9e91fd60a06851a855c5dFixed13336a6239b9d7c6e61483017bb8bdfe3ceb10a5Fixede41a23e61259f5526af875c3b86b3d42a9bae0e5Fixed8a672f177ebe19c93d795fbe967846084fbc7943Fixedcabd1a976375780dabab888784e356f574bbaed8