CVE-2026-23436
In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops (pre- callbacks) and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual protections. The netdev may get unregistered in between the time we take the ref and the time we lock it. We may allocate the hierarchy after flush has already run, which would lead to a leak. Take the instance lock in pre- already, this saves us from the race and removes the need for dedicated lock/unlock callbacks completely. After all, if there's any chance of write happening concurrently with the flush - we're back to leaking the hierarchy. We may take the lock for devices which don't support shapers but we're only dealing with SET operations here, not taking the lock would be optimizing for an error case.
EPSS 0.02% · 3.3th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 6.19.10, 0, 7.0-rc5 |
| linux | linux_kernel | 6.13, 6.13, 6.13 |
Timeline
- Apr 3, 2026 CVE Published
- Apr 23, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/719f6784f918f9e32f3ff3b197f900e852223f9d url
- https://git.kernel.org/stable/c/d22921727023e7852704965e935f4d1fc83a5ec9 url
- https://git.kernel.org/stable/c/d75ec7e8ba1979a1eb0b9211d94d749cdce849c8 url
- https://www.suse.com/support/update/announcement/2026/suse-su-202621930-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621841-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20262238-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621974-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20262217-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621979-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20262149-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20262158-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621973-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20262189-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20262159-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621942-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621964-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621939-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20262202-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-202621910-1 advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20262134-1 advisory
…and 46 more