CVE-2026-23064
- Source
- https://cve.org/CVERecord?id=CVE-2026-23064
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23064.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-23064
- Downstream
- Related
- Published
- 2026-02-04T16:07:46.329Z
- Modified
- 2026-05-07T04:18:28.754444Z
- Summary
- net/sched: act_ife: avoid possible NULL deref
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_ife: avoid possible NULL deref
tcfifeencode() must make sure ife_encode() does not return NULL.
syzbot reported:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:ifetlvmetaencode+0x41/0xa0 net/ife/ife.c:166 CPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full) Call Trace: <TASK> ifeencodemetau32+0x153/0x180 net/sched/actife.c:101 tcfifeencode net/sched/actife.c:841 [inline] tcfifeact+0x1022/0x1de0 net/sched/actife.c:877 tcact include/net/tcwrapper.h:130 [inline] tcfactionexec+0x1c0/0xa20 net/sched/actapi.c:1152 tcfextsexec include/net/pktcls.h:349 [inline] mallclassify+0x1a0/0x2a0 net/sched/clsmatchall.c:42 tcclassify include/net/tc_wrapper.h:197 [inline] __tcfclassify net/sched/clsapi.c:1764 [inline] tcfclassify+0x7f2/0x1380 net/sched/clsapi.c:1860 multiqclassify net/sched/schmultiq.c:39 [inline] multiqenqueue+0xe0/0x510 net/sched/schmultiq.c:66 devqdiscenqueue+0x45/0x250 net/core/dev.c:4147 __devxmitskb net/core/dev.c:4262 [inline] __devqueuexmit+0x2998/0x46c0 net/core/dev.c:4798
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23064.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/03710cebfc0bcfe247a9e04381e79ea33896e278
- https://git.kernel.org/stable/c/1440d749fe49c8665da6f744323b1671d25a56a0
- https://git.kernel.org/stable/c/27880b0b0d35ad1c98863d09788254e36f874968
- https://git.kernel.org/stable/c/374915dfc932adf57712df3be010667fd1190e3c
- https://git.kernel.org/stable/c/4ef2c77851676b7ed106f0c47755bee9eeec9a40
- https://git.kernel.org/stable/c/6c75fed55080014545f262b7055081cec4768b20
- https://git.kernel.org/stable/c/dd9442aedbeae87c44cc64c0ee41abd296dc008b
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23064.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23064
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced295a6e06d21e1f469c9f38b00125a13b60ad4e7cFixed4ef2c77851676b7ed106f0c47755bee9eeec9a40Fixeddd9442aedbeae87c44cc64c0ee41abd296dc008bFixed1440d749fe49c8665da6f744323b1671d25a56a0Fixed03710cebfc0bcfe247a9e04381e79ea33896e278Fixed374915dfc932adf57712df3be010667fd1190e3cFixed6c75fed55080014545f262b7055081cec4768b20Fixed27880b0b0d35ad1c98863d09788254e36f874968
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.11.0Fixed5.10.249
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.199
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.162
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.122
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.68
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.8