PT-2026-26130 · Linux+1 · Linux Kernel+1

Gangmin Kim +2 · Published 2026-01-01 · Updated 2026-05-28 · CVE-2026-23270

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux Kernel (affected versions not specified)

Description

The Linux kernel contains an issue related to network packet scheduling. Specifically, the act_ct action was found to potentially cause a Use-After-Free (UAF) condition when interacting with the defragmentation engine if a packet returns TC_ACT_CONSUMED while held by the engine. This can occur when act_ct is used in the egress path. To address this, the kernel now restricts act_ct to only bind to clsact/ingress qdiscs and shared blocks. This allows act_ct to still function in egress scenarios, but only with clsact. The skb variable is involved in this issue.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

ALSA-2026:13565
ALSA-2026:13566
ALSA-2026:19568
ALSA-2026:19569
ALSA-2026:21706
ALSA-2026:21745
CVE-2026-23270
ECHO-51C8-47D2-C915
OESA-2026-1862
OESA-2026-1863
OESA-2026-1864
OPENSUSE-SU-2026:20572-1
RHSA-2026:13565
RHSA-2026:13566
RHSA-2026:19568
RHSA-2026:19569
RHSA-2026:21209
RHSA-2026:21706
RHSA-2026:21745
SUSE-SU-2026:1573-1
SUSE-SU-2026:1661-1
SUSE-SU-2026:21114-1
SUSE-SU-2026:21123-1
SUSE-SU-2026:21237-1
SUSE-SU-2026:21255-1
SUSE-SU-2026:21352-1
SUSE-SU-2026:21361-1

Affected Products

Linux Kernel
Rocky Linux