CVE-2026-23255Race Condition in Linux

CWE-362Race Condition9 documents8 sources
Severity
4.7MEDIUM
No vector
EPSS
0.0%
top 94.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 18

Description

In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stall in ptype_seq_show() and provided a patch. Real issue is that ptype_seq_next() and ptype_seq_show() violate RCU rules. ptype_seq_show() runs under rcu_read_lock(), and reads pt->dev to get device name without any barrier. At the same time, concurrent writers can remove a packet_type structure (which is correctly freed after an RCU grace perio

Affected Packages3 packages

Linuxlinux/linux_kernel2.6.126.18.10
Debianlinux/linux_kernel< 6.18.10-1
CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2dcefd3f0b9ed8288654c75254bdcee8e1085e861+3

🔴Vulnerability Details

4
CVEList
net: add proper RCU protection to /proc/net/ptype2026-03-18
OSV
CVE-2026-23255: In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stal2026-03-18
OSV
net: add proper RCU protection to /proc/net/ptype2026-03-18
GHSA
GHSA-9w39-mw48-92gc: In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU st2026-03-18

📋Vendor Advisories

3
Red Hat
kernel: net: add proper RCU protection to /proc/net/ptype2026-03-18
Microsoft
net: add proper RCU protection to /proc/net/ptype2026-03-10
Debian
CVE-2026-23255: linux - In the Linux kernel, the following vulnerability has been resolved: net: add pr...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23255 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23255 — Race Condition in Linux | cvebase