CVE-2026-23004 — Race Condition in Linux
Severity
4.7MEDIUMNVD
EPSS
0.0%
top 97.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 25
Description
In the Linux kernel, the following vulnerability has been resolved:
dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()
syzbot was able to crash the kernel in rt6_uncached_list_flush_dev()
in an interesting way [1]
Crash happens in list_del_init()/INIT_LIST_HEAD() while writing
list->prev, while the prior write on list->next went well.
static inline void INIT_LIST_HEAD(struct list_head *list)
{
WRITE_ONCE(list->next, list); // This went well
WRITE_ONCE(list->prev, list); // …
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5linux/linux78df76a065ae3b5dbcb9a29912adc02f697de498 — 815db2363e51f0ef416947492d4dac5b7a520f56+4
Patches
🔴Vulnerability Details
3OSV▶
CVE-2026-23004: In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() syzbot was ab↗2026-01-25
GHSA▶
GHSA-w7vv-gw43-hxq2: In the Linux kernel, the following vulnerability has been resolved:
dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()
syzbot was↗2026-01-25