Linux kernel cls_flow NULL deref on shared blocks: CVE-2026-31422 April 2026

Linux kernel cls_flow NULL deref on shared blocks
CVE-2026-31422 Published on April 13, 2026

net/sched: cls_flow: fix NULL pointer dereference on shared blocks
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_flow: fix NULL pointer dereference on shared blocks flow_change() calls tcf_block_q() and dereferences q->handle to derive a default baseclass. Shared blocks leave block->q NULL, causing a NULL deref when a flow filter without a fully qualified baseclass is created on a shared block. Check tcf_block_shared() before accessing block->q and return -EINVAL for shared blocks. This avoids the null-deref shown below: ======================================================================= KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] RIP: 0010:flow_change (net/sched/cls_flow.c:508) Call Trace: tc_new_tfilter (net/sched/cls_api.c:2432) rtnetlink_rcv_msg (net/core/rtnetlink.c:6980) [...] =======================================================================

Products Associated with CVE-2026-31422

Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.

Affected Versions

Version 1abf272022cf1d18469405f47b4ec49c6a3125db and below 57f94ac7e953eece5ed4819605a18f3cdfc63dcc is affected.

Version 1abf272022cf1d18469405f47b4ec49c6a3125db and below 942813276edeb1741fa5b0a73471beb4e495fa08 is affected.

Version 1abf272022cf1d18469405f47b4ec49c6a3125db and below cc707a4fd4c3b6ab2722e06bc359aa010e13d408 is affected.

Version 1abf272022cf1d18469405f47b4ec49c6a3125db and below 4a09f72007201c9f667dc47f64517ec23eea65e5 is affected.

Version 1abf272022cf1d18469405f47b4ec49c6a3125db and below 9bf5fc36a43f7b8b5507c96e74fb81f1e8b4957e is affected.

Version 1abf272022cf1d18469405f47b4ec49c6a3125db and below a208c3e1232997e9317887294c20008dfcb75449 is affected.

Version 1abf272022cf1d18469405f47b4ec49c6a3125db and below 415ea0c973c754b9f375225807810eb9045f4293 is affected.

Version 1abf272022cf1d18469405f47b4ec49c6a3125db and below 1a280dd4bd1d616a01d6ffe0de284c907b555504 is affected.

Version 4.15 is affected.

Before 4.15 is unaffected.

Version 5.10.253, <= 5.10.* is unaffected.

Version 5.15.203, <= 5.15.* is unaffected.

Version 6.1.168, <= 6.1.* is unaffected.

Version 6.6.134, <= 6.6.* is unaffected.

Version 6.12.81, <= 6.12.* is unaffected.

Version 6.18.22, <= 6.18.* is unaffected.

Version 6.19.12, <= 6.19.* is unaffected.

Version 7.0, <= * is unaffected.

Exploit Probability

EPSS

0.02%

Percentile

6.60%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Linux kernel cls_flow NULL deref on shared blocksCVE-2026-31422 Published on April 13, 2026

Products Associated with CVE-2026-31422

Affected Versions

Exploit Probability

Linux kernel cls_flow NULL deref on shared blocks
CVE-2026-31422 Published on April 13, 2026