CVE-2026-23342

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a race condition within the cpumap implementation when running on PREEMPT RT kernels. Specifically, concurrent access to the per-CPU xdp bulk queue (bq) by multiple preemptible tasks on the same CPU can occur. This is due to the original code incorrectly assuming atomic operation between bq enqueue() and cpu map flush(), and the fact that local bh disable() does not fully prevent preemption on PREEMPT RT kernels. This race condition can lead to a double free in list del clearprev() and corruption of the packet queue due to concurrent access to bq->count and bq->q[]. The issue arises when a task is preempted during bq flush to queue(), allowing another task to concurrently call bq enqueue() and operate on the same per-CPU bq. The fix involves adding a local lock to xdp bulk queue and acquiring it in both bq enqueue() and cpu map flush().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.