Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221

INFO

Published Date :

2026-02-14T16:27:27.708Z

Last Modified :

2026-04-03T13:32:30.124Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23204 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23204.

URL Resource
https://git.kernel.org/stable/c/13336a6239b9d7c6e61483017bb8bdfe3ceb10a5 cve-icon cve-icon
https://git.kernel.org/stable/c/8a672f177ebe19c93d795fbe967846084fbc7943 cve-icon cve-icon
https://git.kernel.org/stable/c/cabd1a976375780dabab888784e356f574bbaed8 cve-icon cve-icon
https://git.kernel.org/stable/c/cfa745830e45ecb75c061aa34330ee0cac941cc7 cve-icon cve-icon
https://git.kernel.org/stable/c/e41a23e61259f5526af875c3b86b3d42a9bae0e5 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026021437-CVE-2026-23204-be85@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23204 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23204 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact