Description
In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix preempt count leak in napi poll tracepoint

Using get_cpu() in the tracepoint assignment causes an obvious preempt
count leak because nothing invokes put_cpu() to undo it:

softirq: huh, entered softirq 3 NET_RX with preempt_count 00000100, exited with 00000101?

This clearly has seen a lot of testing in the last 3+ years...

Use smp_processor_id() instead.
Published: 2026-03-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel’s i40e network driver, a tracepoint incorrectly employs get_cpu() without a matching put_cpu() call, causing the preempt_count to remain incremented. This results in a preemption counter leak.

Affected Systems

Any Linux system running a kernel that includes the unpatched i40e driver. No specific kernel version range is provided, so all generic Linux kernel builds that compile the i40e module are potentially affected.

Risk and Exploitability

The vulnerability has a CVSS score of 5.5, indicating moderate severity. Its EPSS score is below 1 %, showing a low probability of exploitation, and it is not listed in CISA KEV. The flaw resides in kernel driver code, so exploitation would require code execution within the kernel context and is not known to be remotely exploitable from user space.

Generated by OpenCVE AI on May 26, 2026 at 17:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Linux kernel patch that replaces get_cpu() with smp_processor_id() in the i40e driver.
  • Reboot the system to load the updated kernel module and ensure the change takes effect.
  • If the patch cannot be applied immediately, consider temporarily disabling the i40e network driver until the fix is available to prevent the preempt count leak.

Generated by OpenCVE AI on May 26, 2026 at 17:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6238-1 linux security update
History

Tue, 26 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
References

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-911
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint Using get_cpu() in the tracepoint assignment causes an obvious preempt count leak because nothing invokes put_cpu() to undo it: softirq: huh, entered softirq 3 NET_RX with preempt_count 00000100, exited with 00000101? This clearly has seen a lot of testing in the last 3+ years... Use smp_processor_id() instead.
Title i40e: Fix preempt count leak in napi poll tracepoint
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:04:28.296Z

Reserved: 2026-01-13T15:37:45.994Z

Link: CVE-2026-23313

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T11:16:27.623

Modified: 2026-05-26T15:01:30.750

Link: CVE-2026-23313

cve-icon Redhat

Severity : Low

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23313 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T18:00:14Z

Weaknesses