CVE-2026-23204

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue within the networking scheduler (cls u32) where the skb header pointer() function does not fully validate negative offset values. This can lead to out-of-bounds access. The recommended solution is to utilize skb header pointer careful() instead. A report and reproduction case were provided by GangMin Kim demonstrating a kernel slab out-of-bounds condition in the u32 classify() function.

Recommendations Utilize skb header pointer careful() instead of skb header pointer().

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2026:6036

ALSA-2026:6037

ALSA-2026:6153

ALSA-2026:6632

CVE-2026-23204

ECHO-2388-0F99-A7B2

OESA-2026-1760

OPENSUSE-SU-2026:20572-1

RHSA-2026:10108

RHSA-2026:10756

RHSA-2026:6036

RHSA-2026:6037

RHSA-2026:6153

RHSA-2026:6632

RHSA-2026:8342

RHSA-2026:9112

RHSA-2026:9512

RHSA-2026:9513

RHSA-2026:9514

RHSA-2026:9515

RHSA-2026:9643

RHSA-2026:9644

RHSA-2026:9835

RHSA-2026:9836

RHSA-2026:9870

SUSE-SU-2026:0928-1

SUSE-SU-2026:0961-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:0984-1

SUSE-SU-2026:1003-1

SUSE-SU-2026:1041-1

SUSE-SU-2026:1077-1

SUSE-SU-2026:1078-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:1131-1

SUSE-SU-2026:1684-1

SUSE-SU-2026:1686-1

SUSE-SU-2026:1689-1

SUSE-SU-2026:1691-1

SUSE-SU-2026:1694-1

SUSE-SU-2026:1698-1

SUSE-SU-2026:1708-1

SUSE-SU-2026:1710-1

SUSE-SU-2026:1718-1

SUSE-SU-2026:1725-1

SUSE-SU-2026:1726-1

SUSE-SU-2026:1728-1

SUSE-SU-2026:1733-1

SUSE-SU-2026:1735-1

SUSE-SU-2026:1765-1

SUSE-SU-2026:1767-1

SUSE-SU-2026:1768-1

SUSE-SU-2026:1770-1

SUSE-SU-2026:1771-1

SUSE-SU-2026:1773-1

SUSE-SU-2026:1776-1

SUSE-SU-2026:1780-1

SUSE-SU-2026:1781-1

SUSE-SU-2026:1786-1

SUSE-SU-2026:1787-1

SUSE-SU-2026:1790-1

SUSE-SU-2026:1791-1

SUSE-SU-2026:1793-1

SUSE-SU-2026:1798-1

SUSE-SU-2026:1801-1

SUSE-SU-2026:1804-1

SUSE-SU-2026:21114-1

SUSE-SU-2026:21123-1

SUSE-SU-2026:21237-1

SUSE-SU-2026:21255-1

SUSE-SU-2026:21352-1

SUSE-SU-2026:21361-1

SUSE-SU-2026:21468-1

SUSE-SU-2026:21469-1

SUSE-SU-2026:21470-1

SUSE-SU-2026:21471-1

SUSE-SU-2026:21472-1

SUSE-SU-2026:21473-1

SUSE-SU-2026:21474-1

SUSE-SU-2026:21475-1

SUSE-SU-2026:21476-1

SUSE-SU-2026:21477-1

SUSE-SU-2026:21478-1

SUSE-SU-2026:21479-1

SUSE-SU-2026:21480-1

SUSE-SU-2026:21481-1

SUSE-SU-2026:21482-1

SUSE-SU-2026:21483-1

SUSE-SU-2026:21484-1

SUSE-SU-2026:21485-1

SUSE-SU-2026:21486-1

SUSE-SU-2026:21487-1

SUSE-SU-2026:21488-1

SUSE-SU-2026:21491-1

SUSE-SU-2026:21495-1

SUSE-SU-2026:21496-1

SUSE-SU-2026:21497-1

SUSE-SU-2026:21498-1

SUSE-SU-2026:21499-1

SUSE-SU-2026:21500-1

SUSE-SU-2026:21501-1

SUSE-SU-2026:21502-1

SUSE-SU-2026:21503-1

SUSE-SU-2026:21504-1

SUSE-SU-2026:21505-1

SUSE-SU-2026:21506-1

SUSE-SU-2026:21507-1

SUSE-SU-2026:21508-1

SUSE-SU-2026:21509-1

SUSE-SU-2026:21510-1

SUSE-SU-2026:21511-1

SUSE-SU-2026:21512-1

SUSE-SU-2026:21513-1

SUSE-SU-2026:21514-1

SUSE-SU-2026:21515-1

SUSE-SU-2026:21516-1

SUSE-SU-2026:21519-1

SUSE-SU-2026:21521-1

SUSE-SU-2026:21522-1

SUSE-SU-2026:21523-1

SUSE-SU-2026:21525-1

SUSE-SU-2026:21526-1

SUSE-SU-2026:21527-1

SUSE-SU-2026:21528-1

SUSE-SU-2026:21529-1

SUSE-SU-2026:21530-1

SUSE-SU-2026:21531-1

SUSE-SU-2026:21532-1

SUSE-SU-2026:21533-1

SUSE-SU-2026:21554-1

SUSE-SU-2026:21555-1

SUSE-SU-2026:21557-1

SUSE-SU-2026:21558-1

SUSE-SU-2026:21562-1

SUSE-SU-2026:21563-1

SUSE-SU-2026:21591-1

SUSE-SU-2026:21598-1

USN-8278-1

USN-8289-1

USN-8296-1

Affected Products

Linuxmint

Linux Kernel

Rocky Linux

Ubuntu

CVE-2026-23204

Weakness Enumeration

Related Identifiers

Affected Products

References · 1019