CVE-2026-23255

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to RCU (Read-Copy-Update) protection in the /proc/net/ptype interface. Specifically, the functions ptype seq next() and ptype seq show() do not adhere to RCU rules, potentially leading to RCU stalls. The issue arises because ptype seq show() reads pt->dev to obtain the device name without proper synchronization, while concurrent writers can remove packet type structures and clear pt->dev without an RCU grace period. The fix involves defining ptype iter state to carry a device pointer and adding full RCU protection to ptype seq next(), including the use of READ ONCE() when reading list.next values. A reproduction of the issue was provided by Dong Chenchen.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.