๐Ÿ” CVE Alert

CVE-2026-22999

HIGH 7.8

net/sched: sch_qfq: do not free existing class in qfq_change_class()

CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Jan 25, 2026
Last Updated Apr 27, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Linux / Linux
462dbc9101acd38e92eda93c0726857517a24bbd < 2a64fb9b47afffeb5dbab5fd3a518e1436dcc90e 462dbc9101acd38e92eda93c0726857517a24bbd < cff6cd703f41d8071995956142729e4bba160363 462dbc9101acd38e92eda93c0726857517a24bbd < f06f7635499bc806cbe2bbc8805c7cef8b1edddf 462dbc9101acd38e92eda93c0726857517a24bbd < 0a234660dc70ce45d771cbc76b20d925b73ec160 462dbc9101acd38e92eda93c0726857517a24bbd < 362e269bb03f7076ba9990e518aeddb898232e50 462dbc9101acd38e92eda93c0726857517a24bbd < e9d8f11652fa08c647bf7bba7dd8163241a332cd 462dbc9101acd38e92eda93c0726857517a24bbd < 3879cffd9d07aa0377c4b8835c4f64b4fb24ac78
Linux / Linux
3.8

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/2a64fb9b47afffeb5dbab5fd3a518e1436dcc90e git.kernel.org: https://git.kernel.org/stable/c/cff6cd703f41d8071995956142729e4bba160363 git.kernel.org: https://git.kernel.org/stable/c/f06f7635499bc806cbe2bbc8805c7cef8b1edddf git.kernel.org: https://git.kernel.org/stable/c/0a234660dc70ce45d771cbc76b20d925b73ec160 git.kernel.org: https://git.kernel.org/stable/c/362e269bb03f7076ba9990e518aeddb898232e50 git.kernel.org: https://git.kernel.org/stable/c/e9d8f11652fa08c647bf7bba7dd8163241a332cd git.kernel.org: https://git.kernel.org/stable/c/3879cffd9d07aa0377c4b8835c4f64b4fb24ac78