| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026020416-CVE-2026-23064-8eec@gregkh> Date: Wed, 4 Feb 2026 17:14:23 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166 CPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full) Call Trace: <TASK> ife_encode_meta_u32+0x153/0x180 net/sched/act_ife.c:101 tcf_ife_encode net/sched/act_ife.c:841 [inline] tcf_ife_act+0x1022/0x1de0 net/sched/act_ife.c:877 tc_act include/net/tc_wrapper.h:130 [inline] tcf_action_exec+0x1c0/0xa20 net/sched/act_api.c:1152 tcf_exts_exec include/net/pkt_cls.h:349 [inline] mall_classify+0x1a0/0x2a0 net/sched/cls_matchall.c:42 tc_classify include/net/tc_wrapper.h:197 [inline] __tcf_classify net/sched/cls_api.c:1764 [inline] tcf_classify+0x7f2/0x1380 net/sched/cls_api.c:1860 multiq_classify net/sched/sch_multiq.c:39 [inline] multiq_enqueue+0xe0/0x510 net/sched/sch_multiq.c:66 dev_qdisc_enqueue+0x45/0x250 net/core/dev.c:4147 __dev_xmit_skb net/core/dev.c:4262 [inline] __dev_queue_xmit+0x2998/0x46c0 net/core/dev.c:4798 The Linux kernel CVE team has assigned CVE-2026-23064 to this issue. Affected and fixed versions =========================== Issue introduced in 4.11 with commit 295a6e06d21e1f469c9f38b00125a13b60ad4e7c and fixed in 6.6.122 with commit 03710cebfc0bcfe247a9e04381e79ea33896e278 Issue introduced in 4.11 with commit 295a6e06d21e1f469c9f38b00125a13b60ad4e7c and fixed in 6.12.68 with commit 374915dfc932adf57712df3be010667fd1190e3c Issue introduced in 4.11 with commit 295a6e06d21e1f469c9f38b00125a13b60ad4e7c and fixed in 6.18.8 with commit 6c75fed55080014545f262b7055081cec4768b20 Issue introduced in 4.11 with commit 295a6e06d21e1f469c9f38b00125a13b60ad4e7c and fixed in 6.19-rc7 with commit 27880b0b0d35ad1c98863d09788254e36f874968 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2026-23064 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/sched/act_ife.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/03710cebfc0bcfe247a9e04381e79ea33896e278 https://git.kernel.org/stable/c/374915dfc932adf57712df3be010667fd1190e3c https://git.kernel.org/stable/c/6c75fed55080014545f262b7055081cec4768b20 https://git.kernel.org/stable/c/27880b0b0d35ad1c98863d09788254e36f874968
Powered by blists - more mailing lists