CVE-2026-23105

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag

This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq. use cl_is_active instead of relying on the child qdisc's qlen to determine class activation.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux462dbc9101acd38e92eda93c0726857517a24bbd < fac2c67bb2bb732eae4283e45fc338af7e08c254affected
LinuxLinux462dbc9101acd38e92eda93c0726857517a24bbd < b8c24cf5268fb3bfb8d16324c3dbb985f698c835affected
LinuxLinux462dbc9101acd38e92eda93c0726857517a24bbd < f27047abf7cac1b6f90c3ad60de21ef9f717c26daffected
LinuxLinux462dbc9101acd38e92eda93c0726857517a24bbd < 93b8635974fb050c43d07e35e5edfe6e685ca28aaffected
LinuxLinux462dbc9101acd38e92eda93c0726857517a24bbd < abd9fc26ea577561a5ef6241a1b058755ffdad0caffected
LinuxLinux462dbc9101acd38e92eda93c0726857517a24bbd < 77f1afd0bb4d5da95236f6114e6d0dfcde187ff6affected
LinuxLinux462dbc9101acd38e92eda93c0726857517a24bbd < d837fbee92453fbb829f950c8e7cf76207d73f33affected
LinuxLinux3.8affected
LinuxLinux0 < 3.8unaffected
LinuxLinux5.10.249 <= 5.10.*unaffected
LinuxLinux5.15.199 <= 5.15.*unaffected
LinuxLinux6.1.162 <= 6.1.*unaffected
LinuxLinux6.6.122 <= 6.6.*unaffected
LinuxLinux6.12.68 <= 6.12.*unaffected
LinuxLinux6.18.8 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References