CVE-2026-23204

Advisory lineage Upstream: 0 Downstream: 44
Modified
Published: 14 Feb 2026, 16:27
Last modified:01 Jun 2026, 16:10

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
7.1 HIGH
v3.1 (nvd)
EPSS Score
0.02% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

14 Feb 2026, 16:27
Published
Vulnerability first disclosed
01 Jun 2026, 16:10
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221

CVSS Metrics

  • v3.1HIGHScore: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.02% Percentile: 5%

Techniques & Countermeasures

  • CWE-125Out-of-bounds Read

    The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

  • linuxlinux

    ≥ fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d, < 29681ed51e737be14d18ecd1c304c57002e4b72c | ≥ fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d, < cfa745830e45ecb75c061aa34330ee0cac941cc7 | ≥ fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d, < 13336a6239b9d7c6e61483017bb8bdfe3ceb10a5 | ≥ fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d, < e41a23e61259f5526af875c3b86b3d42a9bae0e5 | ≥ fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d, < 8a672f177ebe19c93d795fbe967846084fbc7943 | ≥ fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d, < cabd1a976375780dabab888784e356f574bbaed8 | 2.6.35

  • linuxlinux_kernel

    ≥ 2.6.35.1, < 6.6.124 | ≥ 6.7, < 6.12.70 | ≥ 6.13, < 6.18.10 | 2.6.35 | 2.6.35:rc2 | 2.6.35:rc3 | 2.6.35:rc4 | 2.6.35:rc5 | 2.6.35:rc6 | 6.19:rc1 | 6.19:rc2 | 6.19:rc3 | 6.19:rc4 | 6.19:rc5 | 6.19:rc6 | 6.19:rc7 | 6.19:rc8

References (6)