PT-2026-6144 · Linux+2 · Linux Kernel+2
Gangmin Kim · Published 2026-01-01 · Updated 2026-05-26 · CVE-2026-23074
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel contains an issue related to the teql queuing discipline. The intended design of teql is for it to be used only as a root queuing discipline. The issue arises when teql is used as a child qdisc under certain conditions, specifically with QFQ and netem. A scenario involving delayed packets and updates to the lmax value can lead to a use-after-free condition due to incorrect queue length (qlen) management. Specifically, teql only updates the parent-visible qlen at dequeue, and because peek always returns NULL, dequeue is never called, leaving the qlen at 0. This can cause a dangling pointer to be accessed when a packet is rescheduled. The vulnerable functions involved are qfq_change_class and qfq_deact_rm_from_agg.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
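A defensive check based on the description above, as an added example that is not part of the advisory or of the kernel project: it parses the JSON printed by iproute2's `tc -j qdisc show` and reports every teql qdisc that is attached as a child instead of as root, noting whether QFQ is among its ancestors. The function name, the result fields and the sample data are assumptions constructed for illustration.

```python
import json
import re

TEQL_KIND = re.compile(r"^teql\d+$")  # teql qdiscs are named teql0, teql1, ...

# Constructed sample in the shape of `tc -j qdisc show` output (not from a real host).
SAMPLE = """[
 {"kind":"qfq","handle":"1:","dev":"eth0","root":true},
 {"kind":"teql0","handle":"20:","dev":"eth0","parent":"1:1"},
 {"kind":"teql0","handle":"8001:","dev":"eth1","root":true},
 {"kind":"htb","handle":"1:","dev":"eth2","root":true},
 {"kind":"netem","handle":"10:","dev":"eth2","parent":"1:10"},
 {"kind":"teql0","handle":"30:","dev":"eth2","parent":"10:1"}
]"""


def find_child_teql(tc_json):
    """Return one finding per teql qdisc that is attached below another qdisc."""
    qdiscs = json.loads(tc_json)
    by_handle = {(q.get("dev"), q.get("handle")): q for q in qdiscs}
    findings = []
    for q in qdiscs:
        if not TEQL_KIND.match(q.get("kind", "")):
            continue
        if q.get("root") or "parent" not in q:
            continue  # root placement is the intended use of teql
        ancestors, seen, cur = [], set(), q
        # Walk parent class ids ("major:minor") up towards the root qdisc.
        while cur is not None and "parent" in cur:
            key = (q.get("dev"), cur["parent"].split(":")[0] + ":")
            if key in seen:
                break  # guard against malformed, cyclic input
            seen.add(key)
            cur = by_handle.get(key)
            if cur is not None:
                ancestors.append(cur.get("kind"))
        findings.append({
            "dev": q.get("dev"),
            "handle": q.get("handle"),
            "kind": q.get("kind"),
            "ancestors": ancestors,
            "under_qfq": "qfq" in ancestors,
        })
    return findings


if __name__ == "__main__":
    for finding in find_child_teql(SAMPLE):
        print(finding)
```

On a live host, pass the output of `tc -j qdisc show` to `find_child_teql` in place of the sample string.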
Exploit
DoS
Use After Free
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Ubuntu