Description

In the Linux kernel, the following vulnerability has been resolved:

net: shaper: protect late read accesses to the hierarchy

We look up a netdev during prep of Netlink ops (pre- callbacks) and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual protections.

This is not proper, a conversion from a ref to a locked netdev must include a liveness check (a check if the netdev hasn't been unregistered already). Fix the read cases (those under RCU). Writes need a separate change to protect from creating the hierarchy after flush has already run.
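The pattern described above, as an added userspace model that is not the kernel's code or the fix itself: a reference taken in the pre-callback keeps the object's memory valid, but only a liveness check made after taking the lock shows whether the device was unregistered in between. All names, the mutex standing in for the lock or RCU section, and the `-ENODEV` return value are assumptions of this model.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>

/* Userspace model only: every name here is hypothetical, not kernel API. */
struct model_dev {
    pthread_mutex_t lock;
    int refcnt;        /* a reference pins the memory, not the registration */
    bool registered;   /* cleared under the lock by unregister */
    int hierarchy;     /* stand-in for the shaper hierarchy */
};

static void model_init(struct model_dev *d, int value)
{
    pthread_mutex_init(&d->lock, NULL);
    d->refcnt = 1;
    d->registered = true;
    d->hierarchy = value;
}

/* "pre" callback: look the device up and take a reference. */
static void model_pre(struct model_dev *d) { d->refcnt++; }

/* Unregister path that runs between the pre-callback and the body. */
static void model_unregister(struct model_dev *d)
{
    pthread_mutex_lock(&d->lock);
    d->registered = false;
    d->hierarchy = -1;   /* marks flushed state in this model */
    pthread_mutex_unlock(&d->lock);
}

/* Callback body. check_alive=false models the read path before the fix. */
static int model_read(struct model_dev *d, bool check_alive, int *out)
{
    int ret = 0;

    pthread_mutex_lock(&d->lock);
    if (check_alive && !d->registered)
        ret = -ENODEV;           /* the ref was valid, the device is gone */
    else
        *out = d->hierarchy;     /* without the check: reads flushed state */
    pthread_mutex_unlock(&d->lock);
    d->refcnt--;                 /* drop the reference taken in model_pre */
    return ret;
}
```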

PUBLISHED Reserved 2026-01-13 | Published 2026-04-03 | Updated 2026-05-11 | Assigner Linux

HIGH: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

4b623f9f0f59652ea71fcb27d60b4c3b65126dbb (git) before 581eee0890a8bde44f1fb78ad3e70502a897d583
affected

4b623f9f0f59652ea71fcb27d60b4c3b65126dbb (git) before 348758ba74e6a348299965b16a97cfb817545cc0
affected

4b623f9f0f59652ea71fcb27d60b4c3b65126dbb (git) before 0f9ea7141f365b4f27226898e62220fb98ef8dc6
affected

Default status
affected

6.13
affected

Any version before 6.13
unaffected

6.18.20 (semver)
unaffected

6.19.10 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/581eee0890a8bde44f1fb78ad3e70502a897d583

git.kernel.org/...c/348758ba74e6a348299965b16a97cfb817545cc0

git.kernel.org/...c/0f9ea7141f365b4f27226898e62220fb98ef8dc6

cve.org (CVE-2026-23437)

nvd.nist.gov (CVE-2026-23437)
