CVE-2026-23204

Feb. 14, 2026, 5:15 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/13336a6239b9d7c6e61483017bb8bdfe3ceb10a5
https://git.kernel.org/stable/c/8a672f177ebe19c93d795fbe967846084fbc7943
https://git.kernel.org/stable/c/cabd1a976375780dabab888784e356f574bbaed8
https://git.kernel.org/stable/c/e41a23e61259f5526af875c3b86b3d42a9bae0e5

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-02-14
CVE-2026-23204

Timeline

Published: Feb. 14, 2026, 5:15 p.m.
Last Modified: Feb. 14, 2026, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.