Wind River Support Network

HomeDefectsLIN1025-8163
Acknowledged

LIN1025-8163 : Security Advisory - linux - CVE-2026-23204

Created: Feb 24, 2026    Updated: Feb 26, 2026
Found In Version: 10.25.33.2
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: cls_u32: use skb_header_pointer_careful()

skb_header_pointer() does not fully validate negative @offset values.

Use skb_header_pointer_careful() instead.

GangMin Kim provided a report and a repro fooling u32_classify():

BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0
net/sched/cls_u32.c:221
  • Linkedin
  • Facebook
  • Twitter
  • Youtube