{"id":45771,"date":"2026-04-12T04:56:34","date_gmt":"2026-04-12T04:56:34","guid":{"rendered":"http:\/\/localhost\/?p=45771"},"modified":"2026-04-12T04:56:34","modified_gmt":"2026-04-12T04:56:34","slug":"netsched-actife-fix-metalist-update-behavior","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=45771","title":{"rendered":"net\/sched: act_ife: Fix metalist update behavior_CVE-2026-23378"},"content":{"rendered":"

{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet\/sched: act_ife: Fix metalist update behavior\\n\\nWhenever an ife action replace changes the metalist, instead of\\nreplacing the old data on the metalist, the current ife code is appending\\nthe new metadata. Aside from being innapropriate behavior, this may lead\\nto an unbounded addition of metadata to the metalist which might cause an\\nout of bounds error when running the encode op:\\n\\n[ 138.423369][ C1] ==================================================================\\n[ 138.424317][ C1] BUG: KASAN: slab-out-of-bounds in ife_tlv_meta_encode (net\/ife\/ife.c:168)\\n[ 138.424906][ C1] Write of size 4 at addr ffff8880077f4ffe by task ife_out_out_bou\/255\\n[ 138.425778][ C1] CPU: 1 UID: 0 PID: 255 Comm: ife_out_out_bou Not tainted 7.0.0-rc1-00169-gfbdfa8da05b6 #624 PREEMPT(full)\\n[ 138.425795][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01\/01\/2011\\n[ 138.425800][ C1] Call Trace:\\n[ 138.425804][ C1] \\u003cIRQ\\u003e\\n[ 138.425808][ C1] dump_stack_lvl (lib\/dump_stack.c:122)\\n[ 138.425828][ C1] print_report (mm\/kasan\/report.c:379 mm\/kasan\/report.c:482)\\n[ 138.425839][ C1] ? srso_alias_return_thunk (arch\/x86\/lib\/retpoline.S:221)\\n[ 138.425844][ C1] ? __virt_addr_valid (.\/arch\/x86\/include\/asm\/preempt.h:95 (discriminator 1) .\/include\/linux\/rcupdate.h:975 (discriminator 1) .\/include\/linux\/mmzone.h:2207 (discriminator 1) arch\/x86\/mm\/physaddr.c:54 (discriminator 1))\\n[ 138.425853][ C1] ? ife_tlv_meta_encode (net\/ife\/ife.c:168)\\n[ 138.425859][ C1] kasan_report (mm\/kasan\/report.c:221 mm\/kasan\/report.c:597)\\n[ 138.425868][ C1] ? ife_tlv_meta_encode (net\/ife\/ife.c:168)\\n[ 138.425878][ C1] kasan_check_range (mm\/kasan\/generic.c:186 (discriminator 1) mm\/kasan\/generic.c:200 (discriminator 1))\\n[ 138.425884][ C1] __asan_memset (mm\/kasan\/shadow.c:84 (discriminator 2))\\n[ 138.425889][ C1] ife_tlv_meta_encode (net\/ife\/ife.c:168)\\n[ 138.425893][ C1] ? ife_tlv_meta_encode (net\/ife\/ife.c:171)\\n[ 138.425898][ C1] ? srso_alias_return_thunk (arch\/x86\/lib\/retpoline.S:221)\\n[ 138.425903][ C1] ife_encode_meta_u16 (net\/sched\/act_ife.c:57)\\n[ 138.425910][ C1] ? __pfx_do_raw_spin_lock (kernel\/locking\/spinlock_debug.c:114)\\n[ 138.425916][ C1] ? __asan_memcpy (mm\/kasan\/shadow.c:105 (discriminator 3))\\n[ 138.425921][ C1] ? __pfx_ife_encode_meta_u16 (net\/sched\/act_ife.c:45)\\n[ 138.425927][ C1] ? srso_alias_return_thunk (arch\/x86\/lib\/retpoline.S:221)\\n[ 138.425931][ C1] tcf_ife_act (net\/sched\/act_ife.c:847 net\/sched\/act_ife.c:879)\\n\\nTo solve this issue, fix the replace behavior by adding the metalist to\\nthe ife rcu data structure.”,”published”:”2026-03-25T10:27:57.986Z”,”modified”:”2026-04-02T14:44:26.414Z”,”type”:”cve”,”title”:”net\/sched: act_ife: Fix metalist update behavior”,”source”:”Linux”,”references”:”https:\/\/git.kernel.org\/stable\/c\/56ade7ddea6ce605552341785d08e365c3f61861\\nhttps:\/\/git.kernel.org\/stable\/c\/5b1449301ca070814d866990b46f48d3f39ea4ee\\nhttps:\/\/git.kernel.org\/stable\/c\/91a89d3bdc2f63d983adc13d1771631663c5dc1b\\nhttps:\/\/git.kernel.org\/stable\/c\/cd888c3966672239f2e0707b846a5a936ac9038a\\nhttps:\/\/git.kernel.org\/stable\/c\/691866c4cca54dc4df762276b49e89b36e046947\\nhttps:\/\/git.kernel.org\/stable\/c\/e2cedd400c3ec0302ffca2490e8751772906ac23″,”id”:”CVE-2026-23378″,”bulletinFamily”:””,”cwe”:null,”cvelist”:null,”sourceData”:”Linux Linux aa9fd9a325d51fa0b11153b03b8fefff569fa955\\nLinux Linux aa9fd9a325d51fa0b11153b03b8fefff569fa955\\nLinux Linux aa9fd9a325d51fa0b11153b03b8fefff569fa955\\nLinux Linux aa9fd9a325d51fa0b11153b03b8fefff569fa955\\nLinux Linux aa9fd9a325d51fa0b11153b03b8fefff569fa955\\nLinux Linux aa9fd9a325d51fa0b11153b03b8fefff569fa955\\nLinux Linux 4.15″,”sourceHref”:””,”cvss”:{“score”:7.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Linux”,”version”:”aa9fd9a325d51fa0b11153b03b8fefff569fa955″,”vendor”:”Linux”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet\/sched: act_ife: Fix metalist update behavior\\n\\nWhenever an ife action replace changes the metalist, instead of\\nreplacing the…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,28,12,15,13,7,11,5],"class_list":["post-45771","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-78","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nnet\/sched: act_ife: Fix metalist update behavior_CVE-2026-23378 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=45771\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"net\/sched: act_ife: Fix metalist update behavior_CVE-2026-23378 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:nnnet\/sched: act_ife: Fix metalist update behaviornnWhenever an ife action replace changes the metalist, instead ofnreplacing the...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=45771\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-12T04:56:34+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=45771#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=45771\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"net\\\/sched: act_ife: Fix metalist update behavior_CVE-2026-23378\",\"datePublished\":\"2026-04-12T04:56:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=45771\"},\"wordCount\":671,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.8\",\"exploit\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=45771#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=45771\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=45771\",\"name\":\"net\\\/sched: act_ife: Fix metalist update behavior_CVE-2026-23378 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-04-12T04:56:34+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=45771#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=45771\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=45771#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"net\\\/sched: act_ife: Fix metalist update behavior_CVE-2026-23378\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"net\/sched: act_ife: Fix metalist update behavior_CVE-2026-23378 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=45771","og_locale":"en_US","og_type":"article","og_title":"net\/sched: act_ife: Fix metalist update behavior_CVE-2026-23378 - zero redgem","og_description":"{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:nnnet\/sched: act_ife: Fix metalist update behaviornnWhenever an ife action replace changes the metalist, instead ofnreplacing the...","og_url":"https:\/\/zero.redgem.net\/?p=45771","og_site_name":"zero redgem","article_published_time":"2026-04-12T04:56:34+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=45771#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=45771"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"net\/sched: act_ife: Fix metalist update behavior_CVE-2026-23378","datePublished":"2026-04-12T04:56:34+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=45771"},"wordCount":671,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.8","exploit","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=45771#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=45771","url":"https:\/\/zero.redgem.net\/?p=45771","name":"net\/sched: act_ife: Fix metalist update behavior_CVE-2026-23378 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-04-12T04:56:34+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=45771#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=45771"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=45771#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"net\/sched: act_ife: Fix metalist update behavior_CVE-2026-23378"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/45771","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=45771"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/45771\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=45771"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=45771"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=45771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}