HIGHCVE-2026-23105Published Modified CNA Linux
CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag
In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq. use cl_is_active instead of relying on the child qdisc's qlen to determine class activation.
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- 0
- Affected Products
- 2
Fix available
05.10.2495.15.1996.1.1626.6.1226.12.686.18.86.1977f1afd0bb4d5da95236f6114e6d0dfcde187ff693b8635974fb050c43d07e35e5edfe6e685ca28aabd9fc26ea577561a5ef6241a1b058755ffdad0cb8c24cf5268fb3bfb8d16324c3dbb985f698c835d837fbee92453fbb829f950c8e7cf76207d73f33f27047abf7cac1b6f90c3ad60de21ef9f717c26dfac2c67bb2bb732eae4283e45fc338af7e08c254
Affected packages
- Linux / Linux< fac2c67bb2bb732eae4283e45fc338af7e08c254 (from 462dbc9101acd38e92eda93c0726857517a24bbd) · < b8c24cf5268fb3bfb8d16324c3dbb985f698c835 (from 462dbc9101acd38e92eda93c0726857517a24bbd) · < f27047abf7cac1b6f90c3ad60de21ef9f717c26d (from 462dbc9101acd38e92eda93c0726857517a24bbd) · < 93b8635974fb050c43d07e35e5edfe6e685ca28a (from 462dbc9101acd38e92eda93c0726857517a24bbd) · < abd9fc26ea577561a5ef6241a1b058755ffdad0c (from 462dbc9101acd38e92eda93c0726857517a24bbd) · < 77f1afd0bb4d5da95236f6114e6d0dfcde187ff6 (from 462dbc9101acd38e92eda93c0726857517a24bbd)
- Linux / Linux3.8Fixed in 0, 5.10.249, 5.15.199, 6.1.162, 6.6.122, 6.12.68, 6.18.8, 6.19
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H