PT-2026-26048 · Linux · Linux Kernel

Publicado

2026-01-01

Atualizado

2026-05-26

CVE-2026-23245

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue in the networking scheduler (net/sched) related to the act gate action. Specifically, the act gate action can be replaced while a hrtimer callback or dump path is traversing the schedule list. This can lead to inconsistencies when handling the schedule list. The resolution involves converting parameters to an RCU-protected snapshot and swapping updates under tcf lock, freeing the previous snapshot via call rcu(). When a replacement omits the entry list, the existing schedule is preserved to maintain the effective state.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

BDU:2026-04645

CVE-2026-23245

ECHO-DA5B-B137-E26D

OESA-2026-1862

OESA-2026-1863

OESA-2026-1864

OPENSUSE-SU-2026:20826-1

SUSE-SU-2026:21841-1

SUSE-SU-2026:21845-1

SUSE-SU-2026:21860-1

SUSE-SU-2026:21876-1

SUSE-SU-2026:21877-1

SUSE-SU-2026:21916-1

SUSE-SU-2026:21919-1

SUSE-SU-2026:2217-1

SUSE-SU-2026:2238-1

Produtos afetados

Linux Kernel

PT-2026-26048 · Linux · Linux Kernel

CVE-2026-23245

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 81