CVE-2026-23105 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq. use cl_is_active instead of relying on the child qdisc's qlen to determine class activation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/77f1afd0bb4d5da95236f6114e6d0dfcde187ff6
https://git.kernel.org/stable/c/93b8635974fb050c43d07e35e5edfe6e685ca28a
https://git.kernel.org/stable/c/abd9fc26ea577561a5ef6241a1b058755ffdad0c
https://git.kernel.org/stable/c/d837fbee92453fbb829f950c8e7cf76207d73f33

History

Wed, 04 Feb 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq. use cl_is_active instead of relying on the child qdisc's qlen to determine class activation.
Title		net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/77f1afd0bb4d5da95236f6114e6d0dfcde187ff6 https://git.kernel.org/stable/c/93b8635974fb050c43d07e35e5edfe6e685ca28a https://git.kernel.org/stable/c/abd9fc26ea577561a5ef6241a1b058755ffdad0c https://git.kernel.org/stable/c/d837fbee92453fbb829f950c8e7cf76207d73f33

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-04T16:08:26.376Z

Updated: 2026-02-04T16:08:26.376Z

Reserved: 2026-01-13T15:37:45.966Z

Link: CVE-2026-23105

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-02-04T17:16:21.370

Modified: 2026-02-04T17:16:21.370

Link: CVE-2026-23105

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23105", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.966Z", "datePublished": "2026-02-04T16:08:26.376Z", "dateUpdated": "2026-02-04T16:08:26.376Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-02-04T16:08:26.376Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag\n\nThis is more of a preventive patch to make the code more consistent and\nto prevent possible exploits that employ child qlen manipulations on qfq.\nuse cl_is_active instead of relying on the child qdisc's qlen to determine\nclass activation."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sched/sch_qfq.c"], "versions": [{"version": "462dbc9101acd38e92eda93c0726857517a24bbd", "lessThan": "93b8635974fb050c43d07e35e5edfe6e685ca28a", "status": "affected", "versionType": "git"}, {"version": "462dbc9101acd38e92eda93c0726857517a24bbd", "lessThan": "abd9fc26ea577561a5ef6241a1b058755ffdad0c", "status": "affected", "versionType": "git"}, {"version": "462dbc9101acd38e92eda93c0726857517a24bbd", "lessThan": "77f1afd0bb4d5da95236f6114e6d0dfcde187ff6", "status": "affected", "versionType": "git"}, {"version": "462dbc9101acd38e92eda93c0726857517a24bbd", "lessThan": "d837fbee92453fbb829f950c8e7cf76207d73f33", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sched/sch_qfq.c"], "versions": [{"version": "3.8", "status": "affected"}, {"version": "0", "lessThan": "3.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.68", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19-rc7", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.8", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.8", "versionEndExcluding": "6.12.68"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.8", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.8", "versionEndExcluding": "6.19-rc7"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/93b8635974fb050c43d07e35e5edfe6e685ca28a"}, {"url": "https://git.kernel.org/stable/c/abd9fc26ea577561a5ef6241a1b058755ffdad0c"}, {"url": "https://git.kernel.org/stable/c/77f1afd0bb4d5da95236f6114e6d0dfcde187ff6"}, {"url": "https://git.kernel.org/stable/c/d837fbee92453fbb829f950c8e7cf76207d73f33"}], "title": "net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag", "x_generator": {"engine": "bippy-1.2.0"}}}}