Kernel NULL Pointer Dereference in Linux Networking Component
CVE-2026-45845

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-45845?

A vulnerability in the Linux kernel networking component allows an unprivileged local user to cause a kernel panic through improper handling of a TAPRIO child qdisc during deletion. Specifically, when a user attempts to delete a TAPRIO child qdisc, the system improperly handles a NULL pointer in the class dump, potentially leading to a crash. This could be exploited in network namespaces where unprivileged operations are allowed, making it critical for administrators to promptly address this issue by applying available patches and updates.

Affected Version(s)

Linux 665338b2a7a0139337d1f85be65ed16e487f84c1

Linux 665338b2a7a0139337d1f85be65ed16e487f84c1 < 48b26d48e76221dc90b02bf5428bab53643461ca

References

https://git.kernel.org/stable/c/ec2501e361b08b50bcb1e7b32...

https://git.kernel.org/stable/c/d02e2fbf60de46678e2ea698a...

https://git.kernel.org/stable/c/48b26d48e76221dc90b02bf54...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-45845 Data

JSON