Description
In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix preempt count leak in napi poll tracepoint

Using get_cpu() in the tracepoint assignment causes an obvious preempt
count leak because nothing invokes put_cpu() to undo it:

softirq: huh, entered softirq 3 NET_RX with preempt_count 00000100, exited with 00000101?

This clearly has seen a lot of testing in the last 3+ years...

Use smp_processor_id() instead.
Published: 2026-03-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel preemption counter leak
Action: Apply Patch
AI Analysis

Impact

Within the Linux kernel's i40e network driver, a tracepoint assignment mistakenly uses get_cpu() without a subsequent put_cpu() call, causing the preempt_count to remain incremented. This preemption counter leak can disturb kernel scheduling logic, potentially leading to kernel instability or a localized denial of service if the counter remains erroneously high. The weakness is a code‑handling defect (CWE‑911) that allows an unintended persistence of a scheduling counter.

Affected Systems

Any Linux kernel build that includes the i40e driver, encompassing most generic Linux distributions, may contain the vulnerable code. No specific kernel version range is provided, so systems running kernels with the unpatched i40e module are potentially impacted.

Risk and Exploitability

With a CVSS score of 5.5, the vulnerability is considered moderate in severity. The EPSS score is under 1 %, indicating a low probability of exploitation, and it is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation would require a process executing with kernel privileges, as the issue resides in driver code during poll tracing. Therefore the exploitability is limited to local privileged contexts and is not publicly exploitable from a remote surface. The official fix involves replacing get_cpu() with smp_processor_id(), eliminating the preemption counter leak.

Generated by OpenCVE AI on March 26, 2026 at 05:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Linux kernel patch that replaces get_cpu() with smp_processor_id() in the i40e driver.

Generated by OpenCVE AI on March 26, 2026 at 05:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
References

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-911
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint Using get_cpu() in the tracepoint assignment causes an obvious preempt count leak because nothing invokes put_cpu() to undo it: softirq: huh, entered softirq 3 NET_RX with preempt_count 00000100, exited with 00000101? This clearly has seen a lot of testing in the last 3+ years... Use smp_processor_id() instead.
Title i40e: Fix preempt count leak in napi poll tracepoint
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-27T13:56:11.718Z

Reserved: 2026-01-13T15:37:45.994Z

Link: CVE-2026-23313

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T11:16:27.623

Modified: 2026-04-27T14:16:30.430

Link: CVE-2026-23313

cve-icon Redhat

Severity : Low

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23313 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:16:44Z

Weaknesses