SB2026041420 - NULL pointer dereference in Linux kernel sched
Published: April 14, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2026-31421)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in fw_classify() in the cls_fw packet classifier when classifying a packet after attaching an empty cls_fw filter to a shared block using the old method without TCA_OPTIONS. A local user can attach such a filter and trigger packet classification with a nonzero major skb mark to cause a denial of service.
The issue occurs because shared blocks leave block->q NULL in the old-method path.
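The condition described above, as an added user-space model in C; it is not kernel code and not part of this bulletin. It shows why only a mark with a nonzero major reaches the read of the block's qdisc. The struct names, the verdict enum, the sample blocks and the guarded variant are assumptions for illustration, and the guard is not the upstream patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same mask as the kernel's TC_H_MAJ(): the upper 16 bits of a handle. */
#define TC_H_MAJ(h) ((h) & 0xFFFF0000U)

/* Hypothetical stand-ins for the kernel's Qdisc and tcf_block. */
struct model_qdisc { uint32_t handle; };
struct model_block { struct model_qdisc *q; };  /* q is NULL on a shared block */

enum verdict { NO_MATCH = -1, MATCH = 0, NULL_DEREF = 1 };

/* Constructed sample blocks: one shared (no owning qdisc), one owned by 1:0. */
static struct model_qdisc sample_q = { 0x00010000U };
static const struct model_block shared_block = { NULL };
static const struct model_block owned_block = { &sample_q };

/* Old-method comparison without a NULL check. Instead of crashing, the
 * model reports the point where the kernel would read q->handle. */
static enum verdict classify_unguarded(const struct model_block *b, uint32_t mark)
{
    if (mark == 0)
        return NO_MATCH;
    if (TC_H_MAJ(mark) == 0)
        return MATCH;             /* zero major: q is never read */
    if (b->q == NULL)
        return NULL_DEREF;        /* nonzero major on a shared block */
    return TC_H_MAJ(mark ^ b->q->handle) == 0 ? MATCH : NO_MATCH;
}

/* Illustrative guard (an assumption, not the upstream patch): a block
 * without an owning qdisc cannot match a mark that carries a major. */
static enum verdict classify_guarded(const struct model_block *b, uint32_t mark)
{
    if (mark != 0 && TC_H_MAJ(mark) != 0 && b->q == NULL)
        return NO_MATCH;
    return classify_unguarded(b, mark);
}

int main(void)
{
    const uint32_t marks[] = { 0x00000005U, 0x00010001U, 0x00020001U };
    for (size_t i = 0; i < sizeof marks / sizeof marks[0]; i++)
        printf("mark %08x shared:%d guarded:%d owned:%d\n", (unsigned)marks[i],
               classify_unguarded(&shared_block, marks[i]),
               classify_guarded(&shared_block, marks[i]),
               classify_unguarded(&owned_block, marks[i]));
    return 0;
}
```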
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/18328eff2f97d1a6adcdb6d4a0f42f2f83a31e28
- https://git.kernel.org/stable/c/3cb055df9e8625ce699a259d8178d67b37f2b160
- https://git.kernel.org/stable/c/3d41f9a314afa94b1c7c7c75405920123220e8cd
- https://git.kernel.org/stable/c/5cf41031922c154aa5ccda8bcdb0f5e6226582ec
- https://git.kernel.org/stable/c/96426c348def662b06bfdc65be3002905604927a
- https://git.kernel.org/stable/c/faeea8bbf6e958bf3c00cb08263109661975987c