{"id":"CVE-2026-23204","summary":"net/sched: cls_u32: use skb_header_pointer_careful()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_u32: use skb_header_pointer_careful()\n\nskb_header_pointer() does not fully validate negative @offset values.\n\nUse skb_header_pointer_careful() instead.\n\nGangMin Kim provided a report and a repro fooling u32_classify():\n\nBUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0\nnet/sched/cls_u32.c:221","modified":"2026-04-29T18:29:31.931291005Z","published":"2026-02-14T16:27:27.708Z","related":["ALSA-2026:6036","ALSA-2026:6037","ALSA-2026:6153","ALSA-2026:6632","SUSE-SU-2026:0928-1","SUSE-SU-2026:0961-1","SUSE-SU-2026:0962-1","SUSE-SU-2026:0984-1","SUSE-SU-2026:1003-1","SUSE-SU-2026:1041-1","SUSE-SU-2026:1077-1","SUSE-SU-2026:1078-1","SUSE-SU-2026:1081-1","SUSE-SU-2026:1131-1","SUSE-SU-2026:21114-1","SUSE-SU-2026:21123-1","SUSE-SU-2026:21237-1","SUSE-SU-2026:21255-1","SUSE-SU-2026:21352-1","SUSE-SU-2026:21361-1","openSUSE-SU-2026:20572-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23204.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/13336a6239b9d7c6e61483017bb8bdfe3ceb10a5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8a672f177ebe19c93d795fbe967846084fbc7943"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cabd1a976375780dabab888784e356f574bbaed8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cfa745830e45ecb75c061aa34330ee0cac941cc7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e41a23e61259f5526af875c3b86b3d42a9bae0e5"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23204.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23204"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d"},{"fixed":"cfa745830e45ecb75c061aa34330ee0cac941cc7"},{"fixed":"13336a6239b9d7c6e61483017bb8bdfe3ceb10a5"},{"fixed":"e41a23e61259f5526af875c3b86b3d42a9bae0e5"},{"fixed":"8a672f177ebe19c93d795fbe967846084fbc7943"},{"fixed":"cabd1a976375780dabab888784e356f574bbaed8"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23204.json"}}],"schema_version":"1.7.5"}