CVE-2026-22987
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy
syzbot reported a crash in tc_act_in_hw() during netns teardown where tcf_idrinfo_destroy() passed an ERR_PTR(-EBUSY) value as a tc_action pointer, leading to an invalid dereference.
Guard against ERR_PTR entries when iterating the action IDR so teardown does not call tc_act_in_hw() on an error pointer.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 84a7d6797e6a03705e6b48c613fa424662049d87 < 67550a1130b647bb0d093c9c0a810c69aa6a30a8 | affected |
| Linux | Linux | 84a7d6797e6a03705e6b48c613fa424662049d87 < adb25a46dc0a43173f5ea5f5f58fc8ba28970c7c | affected |
| Linux | Linux | 6.17 | affected |
| Linux | Linux | 0 < 6.17 | unaffected |
| Linux | Linux | 6.18.6 <= 6.18.* | unaffected |
| Linux | Linux | 6.19 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/67550a1130b647bb0d093c9c0a810c69aa6a30a8
- https://git.kernel.org/stable/c/adb25a46dc0a43173f5ea5f5f58fc8ba28970c7c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.