| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026020430-CVE-2026-23105-1d6d@gregkh> Date: Wed, 4 Feb 2026 17:15:04 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq. use cl_is_active instead of relying on the child qdisc's qlen to determine class activation. The Linux kernel CVE team has assigned CVE-2026-23105 to this issue. Affected and fixed versions =========================== Issue introduced in 3.8 with commit 462dbc9101acd38e92eda93c0726857517a24bbd and fixed in 6.6.122 with commit 93b8635974fb050c43d07e35e5edfe6e685ca28a Issue introduced in 3.8 with commit 462dbc9101acd38e92eda93c0726857517a24bbd and fixed in 6.12.68 with commit abd9fc26ea577561a5ef6241a1b058755ffdad0c Issue introduced in 3.8 with commit 462dbc9101acd38e92eda93c0726857517a24bbd and fixed in 6.18.8 with commit 77f1afd0bb4d5da95236f6114e6d0dfcde187ff6 Issue introduced in 3.8 with commit 462dbc9101acd38e92eda93c0726857517a24bbd and fixed in 6.19-rc7 with commit d837fbee92453fbb829f950c8e7cf76207d73f33 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2026-23105 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/sched/sch_qfq.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/93b8635974fb050c43d07e35e5edfe6e685ca28a https://git.kernel.org/stable/c/abd9fc26ea577561a5ef6241a1b058755ffdad0c https://git.kernel.org/stable/c/77f1afd0bb4d5da95236f6114e6d0dfcde187ff6 https://git.kernel.org/stable/c/d837fbee92453fbb829f950c8e7cf76207d73f33
Powered by blists - more mailing lists