Linux Kernel ERR_PTR Dereference Vulnerability in net/sched Component

Vulnerability

A vulnerability in the Linux kernel's networking scheduler component can lead to a crash during network namespace teardown. The issue arises because the function tcf_idrinfo_destroy() incorrectly passes an error pointer (ERR_PTR(-EBUSY)) as a tc_action reference, causing an invalid memory dereference. This vulnerability affects the Linux kernel stable tree.
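The failure mode described above, as an added userspace model in C (not kernel code and not the upstream patch): a teardown loop walks a table whose slots may hold an ERR_PTR(-EBUSY)-style error value, and checks for it before treating the slot as an object. The names `model_action`, `model_destroy`, `err_ptr` and `is_err`, and the table layout, are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ERRNO 4095  /* same bound the kernel's IS_ERR() uses */
#define SLOTS 4
struct model_action { int refcnt; };  /* hypothetical stand-in for tc_action */

/* Userspace model of ERR_PTR()/IS_ERR(): a negative errno stored in the
 * last 4095 values of the pointer range. */
static void *err_ptr(long err) { return (void *)(intptr_t)err; }
static int is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Tear down a table of NULL, live-object, or error-value slots. Returns
 * objects freed; *skipped counts error values cleared without dereference. */
static int model_destroy(void *slots[SLOTS], int *skipped)
{
    int freed = 0;
    *skipped = 0;
    for (int i = 0; i < SLOTS; i++) {
        void *p = slots[i];
        slots[i] = NULL;
        if (p == NULL)
            continue;
        if (is_err(p)) {        /* an error value, not an object */
            (*skipped)++;
            continue;
        }
        struct model_action *a = p;
        if (--a->refcnt == 0) {
            free(a);
            freed++;
        }
    }
    return freed;
}

int main(void)
{
    struct model_action *a = malloc(sizeof(*a));
    if (a == NULL)
        return 1;
    a->refcnt = 1;
    void *slots[SLOTS] = { NULL, a, err_ptr(-EBUSY), NULL }; /* constructed input */
    int skipped, freed = model_destroy(slots, &skipped);
    printf("freed=%d skipped=%d\n", freed, skipped);
    return 0;
}
```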

Impact

This vulnerability can crash the kernel through an invalid memory dereference, which can disrupt system operations and potentially create opportunities for further exploitation.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Jan 23, 2026, 4:29 PM
Updated: Jan 23, 2026, 4:29 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.5
remediation: 7.7
relevance: 2.3
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.