VDB
CVE-2026-23274
CVE-2026-23274
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revision 1 with XT_IDLETIMER_ALARM, the object uses alarm timer semantics and timer->timer is never initialized. Reusing that object from revision 0 causes mod_timer() on an uninitialized timer_list, triggering debugobjects warnings and possible panic when panic_on_warn=1. Fix this by rejecting revision 0 rule insertion when an existing timer with the same label is of ALARM type.
EPSS 0.02% · 6.3th percentile
Risk Scores
EPSS Score
0.02%
6.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | *, 6.12.78, 6.18.19 |
| linux | linux_kernel | 5.7, 5.7, 5.7 |
Exploit Intelligence
- CIRCL seen: CVE-2026-23274 (circl-sighting)
- https://git.kernel.org/stable/c/28c7cfaf0c0ab17cbd7754092116fd1af45271f9 (circl)
- https://git.kernel.org/stable/c/54080355999381fed4a26129579a5765bab87491 (circl)
- https://git.kernel.org/stable/c/5e7ece24c5cb75a60402aad4d803c7898ea40aa9 (circl)
- https://git.kernel.org/stable/c/f5ef97c13165542480a6ffdbe6f09f40bbb7cbf1 (circl)
- https://git.kernel.org/stable/c/f228b9ae2a7e84d1153616d8e71c4236cb1f1309 (circl)
- https://git.kernel.org/stable/c/329f0b9b48ee6ab59d1ab72fef55fe8c6463a6cf (circl)
- 2026-05-06_426_linux-signed-amd64.yaml (github-poc)
- 2026-05-06_426_linux-signed-amd64.yaml (github-poc)
- 2026-05-06_426_linux-signed-amd64.yaml (github-poc)
…and 7 more exploits
Timeline
- Mar 20, 2026 EPSS Score
- Mar 20, 2026 CVE Published
- Mar 20, 2026 PoC Published
- Mar 21, 2026 EPSS Score
- Mar 22, 2026 EPSS Score
- Mar 22, 2026 Coalition ESS Score
- Mar 23, 2026 EPSS Score
- Mar 24, 2026 EPSS Score
- Mar 25, 2026 EPSS Score
- Mar 29, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
References
- https://git.kernel.org/stable/c/28c7cfaf0c0ab17cbd7754092116fd1af45271f9 url
- https://git.kernel.org/stable/c/54080355999381fed4a26129579a5765bab87491 url
- https://git.kernel.org/stable/c/5e7ece24c5cb75a60402aad4d803c7898ea40aa9 url
- https://git.kernel.org/stable/c/f5ef97c13165542480a6ffdbe6f09f40bbb7cbf1 url
- https://git.kernel.org/stable/c/f228b9ae2a7e84d1153616d8e71c4236cb1f1309 url
- https://git.kernel.org/stable/c/329f0b9b48ee6ab59d1ab72fef55fe8c6463a6cf url
- https://nvd.nist.gov/vuln/detail/CVE-2026-23274 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32748 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4438 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23347 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23268 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23392 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23319 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23253 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23296 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23364 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23368 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27654 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-30922 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23286 advisory
…and 312 more