CVE-2026-23413

Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)

Description A use-after-free issue exists in the clsact qdisc during init/destroy rollback asymmetry. This occurs when a clsact instance is fully initialized, and a subsequent replacement fails. The issue arises because the kernel may trigger the clsact destroy() callback before completing initialization on both ingress and egress sides. The clsact destroy() function checks if ingress or egress entries are non-NULL, but both can be non-NULL with a valid egress entry from a previous instance, leading to a use-after-free condition. A helper function mini qdisc pair inited has been added to check for miniq initialization to address this.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.