Description
In the Linux kernel, the following vulnerability has been resolved:

net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag

This is more of a preventive patch to make the code more consistent and
to prevent possible exploits that employ child qlen manipulations on qfq.
use cl_is_active instead of relying on the child qdisc's qlen to determine
class activation.
Published: 2026-02-04
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A kernel‑level issue in the Linux traffic scheduler qfq was patched to rely on the cl_is_active flag rather than a child queue’s length to determine whether a class is active. The change was intended to avoid problems that could arise from manipulating child qlen values, which might have led to improper code paths and kernel instability. The vulnerability could allow an attacker to trigger a fault or disrupt traffic scheduling, potentially causing a denial‑of‑service condition for processes interacting with the affected qdisc.

Affected Systems

The problematic code lives in the Linux kernel scheduler. The provided CPE identifiers list the 6.19 release candidates (rc1 through rc6). Thus any system running the Linux kernel 6.19 RC1‑RC6 is affected; the patch is expected to correct the issue in later kernel releases as well.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, while the EPSS value of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Because it resides in kernel‑space, exploitation would require local code execution or privileged operations on the affected system, and could lead to a kernel crash or re‑initialization of traffic scheduling, beyond which the system might suffer a denial‑of‑service state. The attack vector is therefore inferred to be local; the exploit would likely need the ability to interact with qfq qdiscs or craft packets that influence child queue state.

Generated by OpenCVE AI on April 16, 2026 at 01:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the patch for the qfq scheduler, such as the latest release after 6.19 rc6.
  • If the system requires the qfq qdisc for traffic shaping, consider disabling or removing it until a patched kernel is available, or replace it with an alternative qdisc that does not exhibit this behavior.
  • If you build the kernel from source, fetch the latest kernel code and apply the patch for qfq before building.

Generated by OpenCVE AI on April 16, 2026 at 01:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4475-1 linux security update
Debian DLA Debian DLA DLA-4476-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6126-1 linux security update
Debian DSA Debian DSA DSA-6127-1 linux security update
Ubuntu USN Ubuntu USN USN-8162-1 Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN Ubuntu USN USN-8180-1 Linux kernel vulnerabilities
History

Thu, 16 Apr 2026 01:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Fri, 03 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 19 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Fri, 06 Feb 2026 17:00:00 +0000

Type Values Removed Values Added
References

Thu, 05 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 04 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq. use cl_is_active instead of relying on the child qdisc's qlen to determine class activation.
Title net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-03T13:31:57.984Z

Reserved: 2026-01-13T15:37:45.966Z

Link: CVE-2026-23105

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2026-02-04T17:16:21.370

Modified: 2026-04-03T14:16:23.610

Link: CVE-2026-23105

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-04T00:00:00Z

Links: CVE-2026-23105 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T01:15:20Z

Weaknesses