CVE-2026-23270: Use After Free in Linux

CWE-416: Use After Free | 8 documents | 7 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 97.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 18

Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks

As Paolo said earlier [1]:

"Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held by the defragmentation engine. As reported by GangMin Kim, if such packet is that may cause a UaF when the defrag engine later on tries to touch again such packet."

act_ct was never meant to be used in the egress path, ho

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

Linux | linux/linux_kernel | 6.2.0 | 6.6.130 | +4
Debian | linux/linux_kernel | < 6.19.8-1
CVEListV5 | linux/linux | 0b5b831122fc3789fff75be433ba3e4dd7b779d4 | fb3c380a54e33d1fd272cc342faa906d787d7ef1 | +8

🔴 Vulnerability Details (4)

OSV | net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks | 2026-03-18
OSV | CVE-2026-23270: In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As | 2026-03-18
GHSA | GHSA-62jp-jvc3-7hh9: In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks | 2026-03-18
CVEList | net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks | 2026-03-18

📋 Vendor Advisories (2)

Red Hat | kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation | 2026-03-18
Debian | CVE-2026-23270: linux - In the Linux kernel, the following vulnerability has been resolved: net/sched: ... | 2026

🕵️ Threat Intelligence (1)

Wiz | CVE-2026-23270 Impact, Exploitability, and Mitigation Steps | Wiz