CVE-2026-22999

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s networking scheduler, specifically within the sch qfq (Stochastic Fairness Queueing) component. The qfq change class() function contains an error that can lead to a use-after-free condition. This occurs when the function attempts to free memory that is still in use, potentially resulting in system instability or compromise. The issue arises because the cl->qdisc and cl structures are freed under incorrect circumstances, specifically when a new class and queueing discipline have not been allocated.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

AZL-78485

BDU:2026-01110

CVE-2026-22999

ECHO-C19F-9933-7028

OESA-2026-1566

OESA-2026-1567

OESA-2026-1570

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0471-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0473-1

SUSE-SU-2026:0474-1

SUSE-SU-2026:0475-1

SUSE-SU-2026:0495-1

SUSE-SU-2026:0496-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:0617-1

SUSE-SU-2026:1131-1

SUSE-SU-2026:1180-1

SUSE-SU-2026:1185-1

SUSE-SU-2026:1188-1

SUSE-SU-2026:1189-1

SUSE-SU-2026:1212-1

SUSE-SU-2026:1221-1

SUSE-SU-2026:1222-1

SUSE-SU-2026:1225-1

SUSE-SU-2026:1236-1

SUSE-SU-2026:1237-1

SUSE-SU-2026:1239-1

SUSE-SU-2026:1242-1

SUSE-SU-2026:1244-1

SUSE-SU-2026:1248-1

SUSE-SU-2026:1254-1

SUSE-SU-2026:1259-1

SUSE-SU-2026:1261-1

SUSE-SU-2026:1263-1

SUSE-SU-2026:1265-1

SUSE-SU-2026:1268-1

SUSE-SU-2026:1269-1

SUSE-SU-2026:1270-1

SUSE-SU-2026:1271-1

SUSE-SU-2026:1272-1

SUSE-SU-2026:1274-1

SUSE-SU-2026:1278-1

SUSE-SU-2026:1279-1

SUSE-SU-2026:1280-1

SUSE-SU-2026:1281-1

SUSE-SU-2026:1283-1

SUSE-SU-2026:1284-1

SUSE-SU-2026:1285-1

SUSE-SU-2026:1287-1

SUSE-SU-2026:1288-1

SUSE-SU-2026:1293-1

SUSE-SU-2026:1297-1

SUSE-SU-2026:1298-1

SUSE-SU-2026:1304-1

SUSE-SU-2026:1305-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:21005-1

SUSE-SU-2026:21006-1

SUSE-SU-2026:21007-1

SUSE-SU-2026:21008-1

SUSE-SU-2026:21009-1

SUSE-SU-2026:21020-1

SUSE-SU-2026:21041-1

SUSE-SU-2026:21042-1

SUSE-SU-2026:21043-1

SUSE-SU-2026:21044-1

SUSE-SU-2026:21045-1

SUSE-SU-2026:21046-1

SUSE-SU-2026:21047-1

SUSE-SU-2026:21048-1

SUSE-SU-2026:21049-1

SUSE-SU-2026:21050-1

SUSE-SU-2026:21051-1

SUSE-SU-2026:21052-1

SUSE-SU-2026:21053-1

SUSE-SU-2026:21054-1

SUSE-SU-2026:21055-1

SUSE-SU-2026:21056-1

SUSE-SU-2026:21057-1

SUSE-SU-2026:21058-1

SUSE-SU-2026:21059-1

SUSE-SU-2026:21060-1

SUSE-SU-2026:21061-1

SUSE-SU-2026:21071-1

SUSE-SU-2026:21072-1

SUSE-SU-2026:21073-1

SUSE-SU-2026:21074-1

SUSE-SU-2026:21075-1

SUSE-SU-2026:21076-1

SUSE-SU-2026:21077-1

SUSE-SU-2026:21078-1

SUSE-SU-2026:21079-1

SUSE-SU-2026:21080-1

SUSE-SU-2026:21081-1

SUSE-SU-2026:21082-1

SUSE-SU-2026:21083-1

SUSE-SU-2026:21084-1

SUSE-SU-2026:21085-1

SUSE-SU-2026:21086-1

SUSE-SU-2026:21087-1

SUSE-SU-2026:21088-1

SUSE-SU-2026:21089-1

SUSE-SU-2026:21090-1

SUSE-SU-2026:21091-1

SUSE-SU-2026:21096-1

SUSE-SU-2026:21099-1

SUSE-SU-2026:21100-1

SUSE-SU-2026:21102-1

SUSE-SU-2026:21216-1

SUSE-SU-2026:21217-1

SUSE-SU-2026:21219-1

SUSE-SU-2026:21220-1

SUSE-SU-2026:21221-1

USN-8162-1

USN-8180-1

USN-8180-2

USN-8180-3

USN-8180-4

USN-8180-5

USN-8180-6

USN-8186-1

USN-8187-1

USN-8188-1

USN-8243-1

USN-8275-1

USN-8278-1

USN-8289-1

USN-8296-1

USN-8297-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2026-22999

Weakness Enumeration

Related Identifiers

Affected Products

References · 3195