Bug 2492307 (CVE-2026-53079) - CVE-2026-53079 kernel: net_sched: fix skb memory leak in deferred qdisc drops
Summary: CVE-2026-53079 kernel: net_sched: fix skb memory leak in deferred qdisc drops
Keywords:
Status: NEW
Alias: CVE-2026-53079
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-06-24 18:04 UTC by OSIDB Bzimport
Modified: 2026-06-25 18:05 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-06-24 18:04:46 UTC
In the Linux kernel, the following vulnerability has been resolved:

net_sched: fix skb memory leak in deferred qdisc drops

When the network stack cleans up the deferred list via qdisc_run_end(),
it operates on the root qdisc. If the root qdisc do not implement the
TCQ_F_DEQUEUE_DROPS flag the packets queue to free are never freed and
gets stranded on the child's local to_free list.

Fix this by making qdisc_dequeue_drop() aware of the root qdisc. It
fetches the root qdisc and check for the TCQ_F_DEQUEUE_DROPS flag. If
the flag is present, the packet is appended directly to the root's
to_free list. Otherwise, drop it directly as it was done before the
optimization was implemented.


Note You need to log in before you can comment on or make changes to this bug.