CVE-2026-31421

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/sched: cls_fw: fix NULL pointer dereference on shared blocks<br /> <br /> The old-method path in fw_classify() calls tcf_block_q() and<br /> dereferences q-&gt;handle. Shared blocks leave block-&gt;q NULL, causing a<br /> NULL deref when an empty cls_fw filter is attached to a shared block<br /> and a packet with a nonzero major skb mark is classified.<br /> <br /> Reject the configuration in fw_change() when the old method (no<br /> TCA_OPTIONS) is used on a shared block, since fw_classify()&amp;#39;s<br /> old-method path needs block-&gt;q which is NULL for shared blocks.<br /> <br /> The fixed null-ptr-deref calling stack:<br /> KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]<br /> RIP: 0010:fw_classify (net/sched/cls_fw.c:81)<br /> Call Trace:<br /> tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1764 net/sched/cls_api.c:1860)<br /> tc_run (net/core/dev.c:4401)<br /> __dev_queue_xmit (net/core/dev.c:4535 net/core/dev.c:4790)