CVE-2026-23074

CWE-416Use After FreeCWE-82540 documents8 sources
Severity
7.8HIGH
EPSS
0.0%
top 95.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux LinuxLinux Linux Kernel
Timeline
PublishedFeb 4
Latest updateApr 14

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will describe the scenario that unearthed this issue for the curious. GangMin Kim managed to concot a scenario as follows: ROOT qdisc 1:0 (QFQ) ├── class 1:1 (weight=15, lmax=16384) netem with delay 6.4s └── class 1:2 (weight=1

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages27 packages

NVDlinux/linux_kernel2.6.12.15.10.249+7
CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac273d970ff0eddd874a84c953387c7f4464b705fc6+7
Debianlinux< 5.10.249-1+3
Ubuntulinux< 6.8.0-107.107+2
Debianlinux-6.1< 6.1.162-1~deb11u1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

13
OSV
linux-gcp, linux-gcp-4.15, linux-gcp-fips vulnerabilities2026-04-06
OSV
linux-realtime-6.17 vulnerabilities2026-04-06
OSV
linux, linux-aws, linux-aws-6.17, linux-gcp, linux-gcp-6.17, linux-hwe-6.17, linux-realtime vulnerabilities2026-04-02
OSV
linux-fips, linux-aws-fips vulnerabilities2026-04-02
OSV
linux-fips vulnerabilities2026-04-02

📋Vendor Advisories

25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-14
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Intel IoTG Real-time) vulnerabilities2026-04-09

🕵️Threat Intelligence

1
Wiz
CVE-2026-23074 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23074 (HIGH CVSS 7.8) | In the Linux kernel | cvebase.io