DEBIAN-CVE-2026-23449
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-23449
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-23449.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-23449
- Upstream
- Published
- 2026-04-03T16:16:31.037Z
- Modified
- 2026-04-04T09:48:17.278662Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teqlmasterxmit Whenever a TEQL devices has a lockless Qdisc as root, qdiscreset should be called using the seqlock to avoid racing with the datapath. Failure to do so may cause crashes like the following: [ 238.028993][ T318] BUG: KASAN: double-free in skbreleasedata (net/core/skbuff.c:1139) [ 238.029328][ T318] Free of addr ffff88810c67ec00 by task pocteqluafke/318 [ 238.029749][ T318] [ 238.029900][ T318] CPU: 3 UID: 0 PID: 318 Comm: pocteqlke Not tainted 7.0.0-rc3-00149-ge5b31d988a41 #704 PREEMPT(full) [ 238.029906][ T318] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 238.029910][ T318] Call Trace: [ 238.029913][ T318] <TASK> [ 238.029916][ T318] dumpstacklvl (lib/dumpstack.c:122) [ 238.029928][ T318] printreport (mm/kasan/report.c:379 mm/kasan/report.c:482) [ 238.029940][ T318] ? skbreleasedata (net/core/skbuff.c:1139) [ 238.029944][ T318] ? srsoaliasreturnthunk (arch/x86/lib/retpoline.S:221) ... [ 238.029957][ T318] ? skbreleasedata (net/core/skbuff.c:1139) [ 238.029969][ T318] kasanreportinvalidfree (mm/kasan/report.c:221 mm/kasan/report.c:563) [ 238.029979][ T318] ? skbreleasedata (net/core/skbuff.c:1139) [ 238.029989][ T318] checkslaballocation (mm/kasan/common.c:231) [ 238.029995][ T318] kmemcachefree (mm/slub.c:2637 (discriminator 1) mm/slub.c:6168 (discriminator 1) mm/slub.c:6298 (discriminator 1)) [ 238.030004][ T318] skbreleasedata (net/core/skbuff.c:1139) ... [ 238.030025][ T318] skskbreasondrop (net/core/skbuff.c:1256) [ 238.030032][ T318] pfifofastreset (./include/linux/ptrring.h:171 ./include/linux/ptrring.h:309 ./include/linux/skbarray.h:98 net/sched/schgeneric.c:827) [ 238.030039][ T318] ? srsoaliasreturnthunk (arch/x86/lib/retpoline.S:221) ... [ 238.030054][ T318] qdiscreset (net/sched/schgeneric.c:1034) [ 238.030062][ T318] teqldestroy (./include/linux/spinlock.h:395 net/sched/sch_teql.c:157) [ 238.030071][ T318] __qdiscdestroy (./include/net/pktsched.h:328 net/sched/schgeneric.c:1077) [ 238.030077][ T318] qdiscgraft (net/sched/schapi.c:1062 net/sched/schapi.c:1053 net/sched/sch_api.c:1159) [ 238.030089][ T318] ? __pfxqdiscgraft (net/sched/schapi.c:1091) [ 238.030095][ T318] ? srsoaliasreturnthunk (arch/x86/lib/retpoline.S:221) [ 238.030102][ T318] ? srsoaliasreturnthunk (arch/x86/lib/retpoline.S:221) [ 238.030106][ T318] ? srsoaliasreturnthunk (arch/x86/lib/retpoline.S:221) [ 238.030114][ T318] tcgetqdisc (net/sched/schapi.c:1529 net/sched/schapi.c:1556) ... [ 238.072958][ T318] Allocated by task 303 on cpu 5 at 238.026275s: [ 238.073392][ T318] kasansavestack (mm/kasan/common.c:58) [ 238.073884][ T318] kasansavetrack (mm/kasan/common.c:64 (discriminator 5) mm/kasan/common.c:79 (discriminator 5)) [ 238.074230][ T318] __kasanslaballoc (mm/kasan/common.c:369) [ 238.074578][ T318] kmem_cacheallocnodenoprof (./include/linux/kasan.h:253 mm/slub.c:4542 mm/slub.c:4869 mm/slub.c:4921) [ 238.076091][ T318] kmallocreserve (net/core/skbuff.c:616 (discriminator 107)) [ 238.076450][ T318] __allocskb (net/core/skbuff.c:713) [ 238.076834][ T318] allocskbwithfrags (./include/linux/skbuff.h:1383 net/core/skbuff.c:6763) [ 238.077178][ T318] sockallocsendpskb (net/core/sock.c:2997) [ 238.077520][ T318] packetsendmsg (net/packet/afpacket.c:2926 net/packet/afpacket.c:3019 net/packet/afpacket.c:3108) [ 238.081469][ T318] [ 238.081870][ T318] Freed by task 299 on cpu 1 at 238.028496s: [ 238.082761][ T318] kasansavestack (mm/kasan/common.c:58) [ 238.083481][ T318] kasansavetrack (mm/kasan/common.c:64 (discriminator 5) mm/kasan/common.c:79 (discriminator 5)) [ 238.085348][ T318] kasansavefreeinfo (mm/kasan/generic.c:587 (discriminator 1)) [ 238.085900][ T318] __kasanslabfree (mm/ ---truncated---
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
6.*
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.19.10-1