CVE-2026-22977

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.62

Description The Linux kernel contained a flaw within the networking subsystem related to usercopy handling. Specifically, the skbuff fclone cache was initialized without defining a usercopy region, unlike skbuff head cache, which properly whitelists the cb[] field. This resulted in a usercopy error when the CONFIG HARDENED USERCOPY option was enabled, and the kernel attempted to copy data from sk buff.cb to userspace via sock recv errqueue() and put cmsg(). The issue occurred when cloned skbs allocated from skbuff fclone cache were used in the socket error queue, triggering a usercopy hardening violation. The crash involved accessing the sock exterr skb structure in skb->cb through put cmsg().

Recommendations Update to Linux kernel version 6.12.62 or later.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-78449

CVE-2026-22977

ECHO-A371-0038-BDBD

OESA-2026-1566

OESA-2026-1567

OESA-2026-1570

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8096-1

USN-8096-2

USN-8096-3

USN-8096-4

USN-8096-5

USN-8116-1

USN-8141-1

USN-8163-1

USN-8163-2

USN-8243-1

USN-8278-1

USN-8278-2

USN-8289-1

USN-8289-2

USN-8296-1

USN-8296-2

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2026-22977

Weakness Enumeration

Related Identifiers

Affected Products

References · 2264