Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-rf63-9f5h-hhg6

Опубликовано: 14 фев. 2026
Источник: github
Github: Не прошло ревью
CVSS3: 7.1

Описание

In the Linux kernel, the following vulnerability has been resolved:

net/sched: cls_u32: use skb_header_pointer_careful()

skb_header_pointer() does not fully validate negative @offset values.

Use skb_header_pointer_careful() instead.

GangMin Kim provided a report and a repro fooling u32_classify():

BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221

In the Linux kernel, the following vulnerability has been resolved:

net/sched: cls_u32: use skb_header_pointer_careful()

skb_header_pointer() does not fully validate negative @offset values.

Use skb_header_pointer_careful() instead.

GangMin Kim provided a report and a repro fooling u32_classify():

BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221

Ссылки

EPSS

Процентиль: 3%
0.00015
Низкий

7.1 High

CVSS3

CVE ID

CVE-2026-23204

Дефекты

CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2026-23204

CVSS3: 7.1
ubuntu
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221

redhat логотип

CVE-2026-23204

CVSS3: 7.3
redhat
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221

nvd логотип

CVE-2026-23204

CVSS3: 7.1
nvd
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221

msrc логотип

CVE-2026-23204

msrc
7 дней назад

net/sched: cls_u32: use skb_header_pointer_careful()

debian логотип

CVE-2026-23204

CVSS3: 7.1
debian
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: n ...

EPSS

Процентиль: 3%
0.00015
Низкий

7.1 High

CVSS3

CVE ID

CVE-2026-23204

Дефекты

CWE-125