CVE-2026-31422
- Source
- https://cve.org/CVERecord?id=CVE-2026-31422
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31422.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-31422
- Downstream
- Related
- Published
- 2026-04-13T13:40:25.911Z
- Modified
- 2026-06-18T03:54:32.369518125Z
- Summary
- net/sched: cls_flow: fix NULL pointer dereference on shared blocks
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net/sched: cls_flow: fix NULL pointer dereference on shared blocks
flowchange() calls tcfblock_q() and dereferences q->handle to derive a default baseclass. Shared blocks leave block->q NULL, causing a NULL deref when a flow filter without a fully qualified baseclass is created on a shared block.
Check tcfblockshared() before accessing block->q and return -EINVAL for shared blocks. This avoids the null-deref shown below:
======================================================================= KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] RIP: 0010:flowchange (net/sched/clsflow.c:508) Call Trace: tcnewtfilter (net/sched/clsapi.c:2432) rtnetlinkrcv_msg (net/core/rtnetlink.c:6980)
[...]
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31422.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/1a280dd4bd1d616a01d6ffe0de284c907b555504
- https://git.kernel.org/stable/c/415ea0c973c754b9f375225807810eb9045f4293
- https://git.kernel.org/stable/c/4a09f72007201c9f667dc47f64517ec23eea65e5
- https://git.kernel.org/stable/c/57f94ac7e953eece5ed4819605a18f3cdfc63dcc
- https://git.kernel.org/stable/c/942813276edeb1741fa5b0a73471beb4e495fa08
- https://git.kernel.org/stable/c/9bf5fc36a43f7b8b5507c96e74fb81f1e8b4957e
- https://git.kernel.org/stable/c/a208c3e1232997e9317887294c20008dfcb75449
- https://git.kernel.org/stable/c/cc707a4fd4c3b6ab2722e06bc359aa010e13d408
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31422.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-31422
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1abf272022cf1d18469405f47b4ec49c6a3125dbFixed57f94ac7e953eece5ed4819605a18f3cdfc63dccFixed942813276edeb1741fa5b0a73471beb4e495fa08Fixedcc707a4fd4c3b6ab2722e06bc359aa010e13d408Fixed4a09f72007201c9f667dc47f64517ec23eea65e5Fixed9bf5fc36a43f7b8b5507c96e74fb81f1e8b4957eFixeda208c3e1232997e9317887294c20008dfcb75449Fixed415ea0c973c754b9f375225807810eb9045f4293Fixed1a280dd4bd1d616a01d6ffe0de284c907b555504
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed5.10.253
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.203
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.168
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.134
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.81
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.22
- Type
- ECOSYSTEM
- Events
-
Introduced6.19.0Fixed6.19.12