Linux Kernel Vulnerability in Networking Scheduling Framework
CVE-2026-43496
What is CVE-2026-43496?
A vulnerability in the Linux kernel's networking scheduling framework can cause a kernel panic. The issue arises in the dequeue path when a RED qdisc interacts with its child's peek callback. When a parent qdisc wants to retrieve an skb from a child qdisc, it first performs a peek operation and, if a packet is available, follows it with a dequeue operation. Improper handling of that dequeue can lead to a null pointer dereference and a system crash. The patch changes the dequeue path to use qdisc_dequeue_peeked(), which prevents the null pointer dereference.
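The peek-then-dequeue contract described above, as an added userspace model in C (not kernel source and not the patch itself). It assumes, beyond what the page states, that the child implements peek by dequeuing a packet and stashing it, as the kernel's qdisc_peek_dequeued() helper does; the struct qdisc here and child_peek, child_dequeue, dequeue_peeked and parent_dequeue are simplified stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified userspace stand-ins for kernel types; not kernel source. */
struct skb { int id; };                 /* id > 0 for real packets */
struct qdisc {
    struct skb *fifo[4];
    int head, tail;
    struct skb *peeked;                 /* slot a dequeue-based peek stashes into */
};

/* Child's raw dequeue: sees only the FIFO, never the stashed packet. */
static struct skb *child_dequeue(struct qdisc *q)
{
    return q->head == q->tail ? NULL : q->fifo[q->head++];
}

/* Child's peek, implemented by dequeuing and stashing (assumption, see lead-in). */
static struct skb *child_peek(struct qdisc *q)
{
    if (!q->peeked)
        q->peeked = child_dequeue(q);
    return q->peeked;
}

/* Models the role of qdisc_dequeue_peeked(): return the stashed packet first. */
static struct skb *dequeue_peeked(struct qdisc *q)
{
    struct skb *skb = q->peeked;
    q->peeked = NULL;
    return skb ? skb : child_dequeue(q);
}

/* Parent dequeue. Returns the packet id, 0 if the child is empty, or -1 where
 * peek reported a packet but dequeue returned NULL (the kernel would crash). */
static int parent_dequeue(struct qdisc *child, int use_peeked_helper)
{
    if (!child_peek(child))
        return 0;
    struct skb *skb = use_peeked_helper ? dequeue_peeked(child)
                                        : child_dequeue(child);
    return skb ? skb->id : -1;
}

int main(void)
{
    struct skb p = { 7 };               /* constructed sample packet */
    struct qdisc before = { { &p }, 0, 1, NULL }, after = before;
    printf("direct dequeue: %d\n", parent_dequeue(&before, 0));
    printf("dequeue_peeked: %d\n", parent_dequeue(&after, 1));
    return 0;
}
```

In the model, the direct-dequeue path reports a packet on peek and then gets NULL back, which is the state a caller must never dereference; the helper path returns the same packet that was peeked.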
Affected Version(s)
Linux 77be155cba4e163e8bba9fd27222a8b6189ec4f7 < 36aa34f42cb6842cf371f3a2d3e855d24fd57a50
Linux 77be155cba4e163e8bba9fd27222a8b6189ec4f7
Linux 77be155cba4e163e8bba9fd27222a8b6189ec4f7 < 8d09618840b99ef00154d3e731ce9b11e096196d