CVE-2026-22987

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy<br /> <br /> syzbot reported a crash in tc_act_in_hw() during netns teardown where<br /> tcf_idrinfo_destroy() passed an ERR_PTR(-EBUSY) value as a tc_action<br /> pointer, leading to an invalid dereference.<br /> <br /> Guard against ERR_PTR entries when iterating the action IDR so teardown<br /> does not call tc_act_in_hw() on an error pointer.