Unrated severityNVD Advisory· Published Jan 23, 2026· Updated Feb 9, 2026

net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy

CVE-2026-22987

Description

In the Linux kernel, the following vulnerability has been resolved:

syzbot reported a crash in tc_act_in_hw() during netns teardown where tcf_idrinfo_destroy() passed an ERR_PTR(-EBUSY) value as a tc_action pointer, leading to an invalid dereference.

Guard against ERR_PTR entries when iterating the action IDR so teardown does not call tc_act_in_hw() on an error pointer.

Affected products

Linux/Linux Kernel Rtllm-fuzzy
Linux/Linuxv5
Range: 6.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/stable/c/67550a1130b647bb0d093c9c0a810c69aa6a30a8mitre
git.kernel.org/stable/c/adb25a46dc0a43173f5ea5f5f58fc8ba28970c7cmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000