CVE-2026-52997
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_dualpi2: drain both C-queue and L-queue in dualpi2_change() Fix dualpi2_change() to correctly enforce updated limit and memlimit values after a configuration change of the dualpi2 qdisc. Before this patch, dualpi2_change() always attempted to dequeue packets via the root qdisc (C-queue) when reducing backlog or memory usage, and unconditionally assumed that a valid skb will be returned. When traffic classification results in packets being queued in the L-queue while the C-queue is empty, this leads to a NULL skb dereference during limit or memlimit enforcement. This is fixed by first dequeuing from the C-queue path if it is non-empty. Once the C-queue is empty, packets are dequeued directly from the L-queue. Return values from qdisc_dequeue_internal() are checked for both queues. When dequeuing from the L-queue, the parent qdisc qlen and backlog counters are updated explicitly to keep overall qdisc statistics consistent.
Affected versions
Linux kernel versions
6.17
and later are affected. Fixed in
6.18.33,
7.0.10,
7.1
and their respective stable series.
References
3 totalFrequently asked questions
-
What is CVE-2026-52997?
CVE-2026-52997 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.17 onward and has been patched in 6.18.33, 7.0.10 and 7.1. CVE-2026-52997 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-52997?
Yes — CVE-2026-52997 has been patched. Fixed versions include 6.18.33, 7.0.10 and 7.1. If you are running Linux kernel 6.17 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-52997 actively exploited?
No — CVE-2026-52997 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.