{"id":"CVE-2026-23204","summary":"net/sched: cls_u32: use skb_header_pointer_careful()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_u32: use skb_header_pointer_careful()\n\nskb_header_pointer() does not fully validate negative @offset values.\n\nUse skb_header_pointer_careful() instead.\n\nGangMin Kim provided a report and a repro fooling u32_classify():\n\nBUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0\nnet/sched/cls_u32.c:221","modified":"2026-05-09T07:59:09.285809372Z","published":"2026-02-14T16:27:27.708Z","related":["ALSA-2026:6036","ALSA-2026:6037","ALSA-2026:6153","ALSA-2026:6632","SUSE-SU-2026:0928-1","SUSE-SU-2026:0961-1","SUSE-SU-2026:0962-1","SUSE-SU-2026:0984-1","SUSE-SU-2026:1003-1","SUSE-SU-2026:1041-1","SUSE-SU-2026:1077-1","SUSE-SU-2026:1078-1","SUSE-SU-2026:1081-1","SUSE-SU-2026:1131-1","SUSE-SU-2026:1684-1","SUSE-SU-2026:1686-1","SUSE-SU-2026:1689-1","SUSE-SU-2026:1691-1","SUSE-SU-2026:1694-1","SUSE-SU-2026:1698-1","SUSE-SU-2026:1708-1","SUSE-SU-2026:1710-1","SUSE-SU-2026:1718-1","SUSE-SU-2026:1725-1","SUSE-SU-2026:1726-1","SUSE-SU-2026:1728-1","SUSE-SU-2026:1733-1","SUSE-SU-2026:1735-1","SUSE-SU-2026:1765-1","SUSE-SU-2026:1767-1","SUSE-SU-2026:1768-1","SUSE-SU-2026:1770-1","SUSE-SU-2026:1771-1","SUSE-SU-2026:1773-1","SUSE-SU-2026:1776-1","SUSE-SU-2026:21114-1","SUSE-SU-2026:21123-1","SUSE-SU-2026:21237-1","SUSE-SU-2026:21255-1","SUSE-SU-2026:21352-1","SUSE-SU-2026:21361-1","SUSE-SU-2026:21468-1","SUSE-SU-2026:21469-1","SUSE-SU-2026:21470-1","SUSE-SU-2026:21471-1","SUSE-SU-2026:21472-1","SUSE-SU-2026:21473-1","SUSE-SU-2026:21474-1","SUSE-SU-2026:21475-1","SUSE-SU-2026:21476-1","SUSE-SU-2026:21477-1","SUSE-SU-2026:21478-1","SUSE-SU-2026:21479-1","SUSE-SU-2026:21480-1","SUSE-SU-2026:21481-1","SUSE-SU-2026:21482-1","SUSE-SU-2026:21483-1","SUSE-SU-2026:21484-1","SUSE-SU-2026:21485-1","SUSE-SU-2026:21486-1","SUSE-SU-2026:21487-1","SUSE-SU-2026:21488-1","SUSE-SU-2026:21491-1","SUSE-SU-2026:21495-1","SUSE-SU-2026:21496-1","SUSE-SU-2026:21497-1","SUSE-SU-2026:21498-1","SUSE-SU-2026:21499-1","SUSE-SU-2026:21500-1","SUSE-SU-2026:21501-1","SUSE-SU-2026:21502-1","SUSE-SU-2026:21503-1","SUSE-SU-2026:21504-1","SUSE-SU-2026:21505-1","SUSE-SU-2026:21506-1","SUSE-SU-2026:21507-1","SUSE-SU-2026:21508-1","SUSE-SU-2026:21509-1","SUSE-SU-2026:21510-1","SUSE-SU-2026:21511-1","SUSE-SU-2026:21512-1","SUSE-SU-2026:21513-1","SUSE-SU-2026:21514-1","SUSE-SU-2026:21515-1","SUSE-SU-2026:21516-1","openSUSE-SU-2026:20572-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23204.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/13336a6239b9d7c6e61483017bb8bdfe3ceb10a5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8a672f177ebe19c93d795fbe967846084fbc7943"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cabd1a976375780dabab888784e356f574bbaed8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cfa745830e45ecb75c061aa34330ee0cac941cc7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e41a23e61259f5526af875c3b86b3d42a9bae0e5"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23204.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23204"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d"},{"fixed":"cfa745830e45ecb75c061aa34330ee0cac941cc7"},{"fixed":"13336a6239b9d7c6e61483017bb8bdfe3ceb10a5"},{"fixed":"e41a23e61259f5526af875c3b86b3d42a9bae0e5"},{"fixed":"8a672f177ebe19c93d795fbe967846084fbc7943"},{"fixed":"cabd1a976375780dabab888784e356f574bbaed8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23204.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.35"},{"fixed":"6.1.167"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.124"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.70"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23204.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}