Linux Kernel cls_u32 skb_header_pointer CVE-2026-23204
CVE-2026-23204 Published on February 14, 2026
net/sched: cls_u32: use skb_header_pointer_careful()
In the Linux kernel, the following vulnerability has been resolved:
net/sched: cls_u32: use skb_header_pointer_careful()
skb_header_pointer() does not fully validate negative @offset values.
Use skb_header_pointer_careful() instead.
GangMin Kim provided a report and a repro fooling u32_classify():
BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221
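A simplified user-space model of the bug class described above, as an added example; it is not kernel code and is not taken from the fix. `struct pkt`, `naive_ok()`, `careful_ok()`, `read_hdr()` and the headroom-based rule are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a packet buffer; NOT the kernel's struct sk_buff. */
struct pkt {
    unsigned char buf[64]; /* the whole allocation */
    int headroom;          /* bytes in buf before the current header */
    int len;               /* bytes readable from the current header on */
};

/* Constructed sample: 14 bytes of headroom, 20 readable bytes. */
static const struct pkt sample = { .headroom = 14, .len = 20 };

/* Index into buf where a read at `offset` starts; < 0 is before the allocation. */
static int start_index(const struct pkt *p, int offset) { return p->headroom + offset; }

/* Bounds only the END of the read. A negative offset makes
 * (len - offset) larger, so the test passes for any distance back. */
static int naive_ok(const struct pkt *p, int offset, int len)
{
    return p->len - offset >= len;
}

/* Assumed stricter rule: a negative offset may reach back into the
 * headroom, but never past the start of the allocation. */
static int careful_ok(const struct pkt *p, int offset, int len)
{
    if (len < 0 || offset < -p->headroom)
        return 0;
    return naive_ok(p, offset, len);
}

/* Copy `len` bytes at `offset` into `out`; -1 if the request is rejected. */
static int read_hdr(const struct pkt *p, int offset, int len, void *out)
{
    if (!careful_ok(p, offset, len))
        return -1;
    memcpy(out, p->buf + start_index(p, offset), (size_t)len);
    return 0;
}

int main(void)
{
    int offs[] = { 0, -14, -4096, 18 }; /* constructed offsets, 4-byte reads */
    for (int i = 0; i < 4; i++)
        printf("offset %5d: naive=%d careful=%d start=%d\n", offs[i], naive_ok(&sample, offs[i], 4),
               careful_ok(&sample, offs[i], 4), start_index(&sample, offs[i]));
    return 0;
}
```

In this model the naive check accepts offset -4096 even though the read would start 4082 bytes before the allocation, while the stricter check still allows offset -14, which stays inside the headroom.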
Affected Versions
Linux:
- From commit fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d up to, but not including, commit 13336a6239b9d7c6e61483017bb8bdfe3ceb10a5 is affected.
- From commit fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d up to, but not including, commit e41a23e61259f5526af875c3b86b3d42a9bae0e5 is affected.
- From commit fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d up to, but not including, commit 8a672f177ebe19c93d795fbe967846084fbc7943 is affected.
- From commit fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d up to, but not including, commit cabd1a976375780dabab888784e356f574bbaed8 is affected.
- Version 2.6.35 is affected.
- Versions before 2.6.35 are unaffected.
- Versions from 6.6.124 through 6.6.* are unaffected.
- Versions from 6.12.70 through 6.12.* are unaffected.
- Versions from 6.18.10 through 6.18.* are unaffected.
- Version 6.19 and later are unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.