CVE-2026-23204

Severity
7.1 HIGH
EPSS
0.0%
top 96.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 14

Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: cls_u32: use skb_header_pointer_careful()

skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead.

GangMin Kim provided a report and a repro fooling u32_classify():

BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages

3 packages
NVD: linux/linux_kernel 2.6.35.1 6.6.124 +4
CVEListV5: linux/linux fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d cfa745830e45ecb75c061aa34330ee0cac941cc7 +5
Debian: linux < 6.12.73-1 +1

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-rf63-9f5h-hhg6: In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does n (2026-02-14)
CVEList
net/sched: cls_u32: use skb_header_pointer_careful() (2026-02-14)
OSV
CVE-2026-23204: In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not (2026-02-14)

📋 Vendor Advisories

3
Red Hat
kernel: net/sched: cls_u32: use skb_header_pointer_careful() (2026-02-14)
Microsoft
net/sched: cls_u32: use skb_header_pointer_careful() (2026-02-10)
Debian
CVE-2026-23204: linux - In the Linux kernel, the following vulnerability has been resolved: net/sched: ... (2026)

🕵️ Threat Intelligence

1
Wiz
CVE-2026-23204 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community

1
Bugzilla
CVE-2026-23204 kernel: net/sched: cls_u32: use skb_header_pointer_careful() (2026-02-14)