VYPR
Unrated severityNVD Advisory· Published Jan 23, 2026· Updated Feb 9, 2026

net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy

CVE-2026-22987

Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy

syzbot reported a crash in tc_act_in_hw() during netns teardown where tcf_idrinfo_destroy() passed an ERR_PTR(-EBUSY) value as a tc_action pointer, leading to an invalid dereference.

Guard against ERR_PTR entries when iterating the action IDR so teardown does not call tc_act_in_hw() on an error pointer.

Affected products

2
  • Linux/Kernelllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 6.17

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.