SB2026032571 - Function Call with Incorrectly Specified Arguments in Linux kernel sched
Published: March 25, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Function Call with Incorrectly Specified Arguments (CVE-ID: CVE-2026-23379)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in the ets_offload_change function when handling traffic control (tc) commands for ETS qdisc offloading. A local user can send a specially crafted request to trigger a divide-by-zero error, leading to a kernel oops and system crash.
The issue arises from unsigned 32-bit integer overflows in the 'q_sum' and 'q_psum' variables during WRR weight computation: once the accumulated total wraps, it can reach zero and is then used as a divisor in the offload path.
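The arithmetic pitfall described above, shown as an added user-space example (not the kernel's code and not the upstream fix). It assumes weights are computed as percentage shares of the quantum total; the function names, `MODEL_MAX_BANDS` and the sample quanta are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_MAX_BANDS 16 /* assumed bound for this model */

/* 32-bit accumulation, the pattern the bulletin describes: the total
 * wraps modulo 2^32, so non-zero quanta can yield a zero divisor. */
uint32_t sum_quanta_u32(const uint32_t *quanta, size_t n)
{
    uint32_t q_sum = 0;

    for (size_t i = 0; i < n; i++)
        q_sum += quanta[i];
    return q_sum;
}

/* Hardened form: 64-bit accumulators plus an explicit zero-divisor
 * check. Fills weights[] with each band's percentage share.
 * Returns 0 on success, -1 if the input cannot be divided safely. */
int wrr_weights_checked(const uint32_t *quanta, size_t n, uint32_t *weights)
{
    uint64_t q_sum = 0, q_psum = 0, w_prev = 0;

    if (n == 0 || n > MODEL_MAX_BANDS)
        return -1;
    for (size_t i = 0; i < n; i++)
        q_sum += quanta[i];      /* at most 16 * (2^32 - 1): fits in u64 */
    if (q_sum == 0)
        return -1;               /* never divide by a zero total */
    for (size_t i = 0; i < n; i++) {
        q_psum += quanta[i];
        uint64_t w_psum = q_psum * 100 / q_sum; /* < 2^43, no overflow */
        weights[i] = (uint32_t)(w_psum - w_prev);
        w_prev = w_psum;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: two quanta whose 32-bit sum wraps to 0. */
    const uint32_t quanta[2] = { 0x80000000u, 0x80000000u };
    uint32_t w[2] = { 0, 0 };

    printf("u32 total: %u\n", sum_quanta_u32(quanta, 2));
    if (wrr_weights_checked(quanta, 2, w) == 0)
        printf("weights: %u%% %u%%\n", w[0], w[1]);
    return 0;
}
```

When reviewing similar code, check both the width of the accumulator and whether the divisor is tested for zero after accumulation, since validating each input individually does not prevent the sum from wrapping.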
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/3912871344d6a0f1f572a7af2716968182d1e536
- https://git.kernel.org/stable/c/78b8d2f55a564236435649fbd8bd6a103f30acf5
- https://git.kernel.org/stable/c/7dbffffd5761687e168fb2f4aaa7a2c47e067efc
- https://git.kernel.org/stable/c/a6677e23b313cd9fd03690c589c6452cb6fffb97
- https://git.kernel.org/stable/c/abe1d5cb7fe135c0862c58db32bc29e04cf1c906
- https://git.kernel.org/stable/c/e35626f610f3d2b7953ccddf6a77453da22b3a9e