Description

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops (pre- callbacks) and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual protections. This is not proper, a conversion from a ref to a locked netdev must include a liveness check (a check if the netdev hasn't been unregistered already). Fix the read cases (those under RCU). Writes needs a separate change to protect from creating the hierarchy after flush has already run.

INFO

Published Date :

2026-04-03T15:15:22.048Z

Last Modified :

2026-04-03T15:15:22.048Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23437 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23437.

URL Resource
https://git.kernel.org/stable/c/0f9ea7141f365b4f27226898e62220fb98ef8dc6 cve-icon cve-icon
https://git.kernel.org/stable/c/348758ba74e6a348299965b16a97cfb817545cc0 cve-icon cve-icon
https://git.kernel.org/stable/c/581eee0890a8bde44f1fb78ad3e70502a897d583 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026040312-CVE-2026-23437-9787@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23437 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23437 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact