Description
In the Linux kernel, the following vulnerability has been resolved:

net: shaper: protect late read accesses to the hierarchy

We look up a netdev during prep of Netlink ops (pre- callbacks)
and take a ref to it. Then later in the body of the callback
we take its lock or RCU which are the actual protections.

This is not proper; a conversion from a ref to a locked netdev
must include a liveness check (a check if the netdev hasn't been
unregistered already). Fix the read cases (those under RCU).
Writes need a separate change to protect from creating the
hierarchy after flush has already run.
Published: 2026-04-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Use After Free
Action: Apply Patch
AI Analysis

Impact

In the Linux kernel, a flaw in the networking shaper component lets a Netlink handler read a device's shaper hierarchy after the device has been unregistered. The pre-callback looks up the netdev and takes a reference; the body of the callback later runs under RCU (or the device lock), which are the protections that actually guard the hierarchy. A reference only keeps the netdev structure in memory, it does not guarantee that the device is still registered, and the read path did not check that before walking the hierarchy. If unregistration, and the flush of the hierarchy it performs, runs in between, the late read touches freed data: a classic use-after-free (CWE-416) that can corrupt memory or crash the kernel. The upstream fix adds the liveness check to the read (RCU) paths; the commit message notes that the write paths need a separate change so that a hierarchy cannot be created after the flush has already run.
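The window described above, modelled in user-space C as an added example. This is not kernel code and not the fix itself: struct fake_netdev, reg_state, fake_pre_doit/fake_post_doit and fake_unregister are illustrative stand-ins, and "freeing" the hierarchy only sets a poison flag so that the stale read is observable instead of undefined behaviour (roughly what a KASAN quarantine gives you).

```c
/*
 * Added example, not kernel code: a reference pins a netdev's memory but
 * says nothing about whether the device is still registered. The shaper
 * hierarchy is torn down by the unregister-time flush, so a late reader
 * that trusts the reference alone walks freed data. The fixed path checks
 * liveness first. All names below are hypothetical stand-ins.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

enum reg_state { REG_REGISTERED, REG_UNREGISTERED };

struct shaper_hierarchy {
	bool freed;     /* poison flag standing in for kfree() */
	int num_nodes;  /* payload a reader would look at */
};

struct fake_netdev {
	int refcnt;                         /* models netdev_hold()/netdev_put() */
	enum reg_state reg_state;           /* models dev->reg_state */
	struct shaper_hierarchy *hierarchy; /* models the RCU-protected tree */
};

/* Stale reads the model catches; stands in for a KASAN report. */
static int kasan_reports;

static struct fake_netdev *fake_netdev_new(int nodes)
{
	struct fake_netdev *dev = calloc(1, sizeof(*dev));
	struct shaper_hierarchy *h = calloc(1, sizeof(*h));

	if (!dev || !h)
		abort();
	h->num_nodes = nodes;
	dev->refcnt = 1;
	dev->reg_state = REG_REGISTERED;
	dev->hierarchy = h;
	return dev;
}

/* pre-doit: look the device up and take a reference. */
static struct fake_netdev *fake_pre_doit(struct fake_netdev *dev)
{
	dev->refcnt++;
	return dev;
}

static void fake_post_doit(struct fake_netdev *dev)
{
	dev->refcnt--;
}

/* Unregister flush: runs even while a pre-doit reference is outstanding.
 * The dangling pointer is left in place, as a real one would be. */
static void fake_unregister(struct fake_netdev *dev)
{
	dev->reg_state = REG_UNREGISTERED;
	dev->hierarchy->freed = true;
}

/* Sanitizer stand-in: a read of poisoned memory is recorded, not UB. */
static int model_read_num_nodes(const struct shaper_hierarchy *h)
{
	if (h->freed) {
		kasan_reports++;
		return -1; /* in the kernel: garbage or a crash */
	}
	return h->num_nodes;
}

/* Buggy body: assumes the reference is enough and reads under "RCU". */
static int buggy_get_doit(struct fake_netdev *dev)
{
	return model_read_num_nodes(dev->hierarchy);
}

/* Fixed body: only treat the referenced device as usable if it is still
 * registered, checked under the same protection as the read itself. */
static int fixed_get_doit(struct fake_netdev *dev)
{
	if (dev->reg_state != REG_REGISTERED)
		return -ENODEV;
	return model_read_num_nodes(dev->hierarchy);
}

/* pre-doit takes the ref; optionally the device is unregistered before the
 * body runs; the body runs. Returns the doit result. */
static int run_scenario(bool fixed, bool unregister_in_between)
{
	struct fake_netdev *dev = fake_netdev_new(3);
	struct fake_netdev *ref = fake_pre_doit(dev);
	int ret;

	if (unregister_in_between)
		fake_unregister(dev);
	ret = fixed ? fixed_get_doit(ref) : buggy_get_doit(ref);
	fake_post_doit(ref);
	free(dev->hierarchy);
	free(dev);
	return ret;
}

int main(void)
{
	int r;

	printf("buggy, no race: %d\n", run_scenario(false, false));
	printf("fixed, no race: %d\n", run_scenario(true, false));
	r = run_scenario(false, true);
	printf("buggy, raced:   %d (stale reads caught: %d)\n", r, kasan_reports);
	r = run_scenario(true, true);
	printf("fixed, raced:   %d (stale reads caught: %d)\n", r, kasan_reports);
	return 0;
}
```

Without the race both bodies return the node count. With an unregister between pre-doit and the body, the buggy path reads the poisoned hierarchy (one "KASAN" report), while the fixed path notices the device is no longer registered and returns -ENODEV without touching the tree.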

Affected Systems

The CNA record lists the generic Linux kernel product without a version range. The NVD analysis recorded in the History below attaches CPEs for 6.13 and for 7.0-rc1 through 7.0-rc7. The shaper subsystem is part of the core networking stack, so any kernel that includes it and lacks the fix is affected; check your distribution's advisory for the backported fixed version rather than relying on the upstream numbers alone.

Risk and Exploitability

The CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (5.5, Medium): local access with low privileges and no user interaction, with the impact scored on availability only. The EPSS score is below 1% and the CVE is not in the CISA KEV catalog. Reaching the buggy path means issuing net-shaper Netlink requests against a device that is being unregistered at the same time, so an attacker needs a local foothold, whatever privilege the shaper Netlink operations require, and the timing to win the race. A kernel use-after-free is in principle a memory-corruption primitive, but the published scoring claims only denial of service, and kernel hardening makes anything beyond a crash non-trivial; the realistic outcome is an oops or panic that takes the host down.

Generated by OpenCVE AI on April 7, 2026 at 09:49 UTC.

Remediation

No vendor workaround is listed. The kernel description states that the issue is resolved upstream, so the remediation is to run a kernel that carries the fix (see the recommended actions below).

OpenCVE Recommended Actions

  • Apply a Linux kernel update that includes the patch for CVE-2026-23437; take the fixed version from your distribution's advisory, since upstream release numbers do not map directly to backported stable or vendor kernels.
  • Reboot into the updated kernel. The shaper code is part of the core networking stack, not a loadable module, so a reboot (or a vendor live patch) is needed for the fix to take effect.
  • Verify the running kernel with `uname -r` and compare it against the fixed version named in the advisory; a version string alone does not prove the patch is present unless you know which release carries it.
  • Watch the kernel log (`dmesg`, `journalctl -k`) for oops, warnings or KASAN use-after-free reports in the networking shaper or Netlink paths, both before patching (to spot attempts or accidental triggers) and after (to confirm stability).

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.13:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Sat, 04 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops (pre- callbacks) and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual protections. This is not proper, a conversion from a ref to a locked netdev must include a liveness check (a check if the netdev hasn't been unregistered already). Fix the read cases (those under RCU). Writes needs a separate change to protect from creating the hierarchy after flush has already run.
Title net: shaper: protect late read accesses to the hierarchy
First Time appeared Linux; Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:07:26.228Z

Reserved: 2026-01-13T15:37:46.017Z

Link: CVE-2026-23437

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-03T16:16:25.400

Modified: 2026-04-23T20:59:26.760

Link: CVE-2026-23437

Redhat

Severity : Moderate

Public Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23437 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-08T19:54:01Z

Weaknesses