{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23313", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.994Z", "datePublished": "2026-03-25T10:27:08.686Z", "dateUpdated": "2026-03-25T10:27:08.686Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:08.686Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix preempt count leak in napi poll tracepoint\n\nUsing get_cpu() in the tracepoint assignment causes an obvious preempt\ncount leak because nothing invokes put_cpu() to undo it:\n\n softirq: huh, entered softirq 3 NET_RX with preempt_count 00000100, exited with 00000101?\n\nThis clearly has seen a lot of testing in the last 3+ years...\n\nUse smp_processor_id() instead."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_trace.h"], "versions": [{"version": "6d4d584a7ea8fc8d2be77545cb503118c193738a", "lessThan": "b7e91827e1cf89cd34ad11dc8f8c010b70ab786e", "status": "affected", "versionType": "git"}, {"version": "6d4d584a7ea8fc8d2be77545cb503118c193738a", "lessThan": "9e0f091821571f0da387462803ee42f0bb157582", "status": "affected", "versionType": "git"}, {"version": "6d4d584a7ea8fc8d2be77545cb503118c193738a", "lessThan": "dca4ea596a3b0a1b82bc1d9f3e4d88bd9ad9561f", "status": "affected", "versionType": "git"}, {"version": "6d4d584a7ea8fc8d2be77545cb503118c193738a", "lessThan": "4b3d54a85bd37ebf2d9836f0d0de775c0ff21af9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_trace.h"], "versions": [{"version": "6.2", "status": "affected"}, {"version": "0", "lessThan": "6.2", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b7e91827e1cf89cd34ad11dc8f8c010b70ab786e"}, {"url": "https://git.kernel.org/stable/c/9e0f091821571f0da387462803ee42f0bb157582"}, {"url": "https://git.kernel.org/stable/c/dca4ea596a3b0a1b82bc1d9f3e4d88bd9ad9561f"}, {"url": "https://git.kernel.org/stable/c/4b3d54a85bd37ebf2d9836f0d0de775c0ff21af9"}], "title": "i40e: Fix preempt count leak in napi poll tracepoint", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix preempt count leak in napi poll tracepoint\n\nUsing get_cpu() in the tracepoint assignment causes an obvious preempt\ncount leak because nothing invokes put_cpu() to undo it:\n\n softirq: huh, entered softirq 3 NET_RX with preempt_count 00000100, exited with 00000101?\n\nThis clearly has seen a lot of testing in the last 3+ years...\n\nUse smp_processor_id() instead."}], "id": "CVE-2026-23313", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:27.623", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4b3d54a85bd37ebf2d9836f0d0de775c0ff21af9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9e0f091821571f0da387462803ee42f0bb157582"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b7e91827e1cf89cd34ad11dc8f8c010b70ab786e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dca4ea596a3b0a1b82bc1d9f3e4d88bd9ad9561f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: i40e: Fix preempt count leak in napi poll tracepoint", "id": "2451223", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451223"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-911", "details": ["A flaw was found in the i40e network driver within the Linux kernel. This vulnerability, a preemption count leak, occurs in the NAPI (New API) poll tracepoint due to incorrect handling of CPU preemption counts. This issue could lead to an imbalanced preemption count, potentially causing kernel warnings, system instability, or a denial of service."], "name": "CVE-2026-23313", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23313\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23313\nhttps://lore.kernel.org/linux-cve-announce/2026032529-CVE-2026-23313-925e@gregkh/T"], "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-03-25T11:47:51.641407+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that contains the commit 4b3d54a85bd37ebf2d9836f0d0de775c0ff21af9 or later, which replaces get_cpu() with smp_processor_id() in the i40e tracepoint.", "If a kernel upgrade is not immediately possible, configure the system to disable the problematic tracepoint via kernel boot parameters or by applying a custom patch that removes the get_cpu() call.", "Verify kernel behavior by monitoring smp_processor_id() usage in the i40e driver and ensure preemption count is not left incremented during tracepoint execution.", "Deploy network filtering or rate limiting to reduce the chances that high volume traffic will invoke the tracepoint until a patch is applied."], "summary": {"action": "Patch or Upgrade", "impact": "Denial of Service (kernel preemption and softirq starvation)"}, "threat_synthesis": {"affected_systems": "Any Linux system using a kernel build that contains the i40e driver before the fix made in commit 4b3d54a85bd37ebf2d9836f0d0de775c0ff21af9. The vulnerability is present in the generic Linux kernel; all distributions whose kernel packages have not been patched work with the affected i40e code. No specific distribution or version is listed beyond the Linux kernel itself, and the CNA vendor list only cites Linux. Users should verify that their kernel image does not include the buggy tracepoint and upgrade if necessary.", "description_and_impact": "The reported bug arises from the misuse of the get_cpu() function within the i40e network driver tracepoint. Calling get_cpu() increments the processor\u2019s preemption count, but the corresponding put_cpu() never executes to decrement it. Consequently, the preemption count becomes permanently inflated, preventing the kernel from re\u2011enabling preemption and causing softirq handlers\u2014including those for network packet processing\u2014to stall. If the count remains stuck high, the kernel may freeze or become unresponsive, effectively denying service. The impact is a system\u2011wide outage for the affected kernel instance, as critical scheduling and interrupt services cease to operate normally.", "risk_and_exploitability": "No CVSS score or EPSS score is published, and the vulnerability is not referenced in CISA\u2019s KEV catalog, suggesting that widespread exploitation has not yet been observed. The exploit requires triggering the tracepoint that calls get_cpu(); this can occur when the system processes particular network packets or softirq events. The attack vector is therefore local or potentially remote if the network can generate the specific conditions that activate the tracepoint. While the complexity is low once the condition is satisfied, success hinges on the system\u2019s configuration and workload. In the absence of a public exploit, the risk remains moderate until a working exploit demonstrates higher probability."}}}}, "created": "2026-03-25T21:15:16.369400+00:00", "updated": "2026-03-25T21:15:16.369433+00:00", "vendors": []}