CVE-2026-23313 — Improper Update of Reference Count in Linux

CWE-911 — Improper Update of Reference Count9 documents8 sources

Severity

7.1HIGH

No vector

EPSS

0.0%

top 93.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel

Timeline

PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint Using get_cpu() in the tracepoint assignment causes an obvious preempt count leak because nothing invokes put_cpu() to undo it: softirq: huh, entered softirq 3 NET_RX with preempt_count 00000100, exited with 00000101? This clearly has seen a lot of testing in the last 3+ years... Use smp_processor_id() instead.

Affected Packages3 packages

▶Linuxlinux/linux_kernel6.2.0 — 6.12.77+2

▶Debianlinux/linux_kernel< 6.19.8-1

▶CVEListV5linux/linux6d4d584a7ea8fc8d2be77545cb503118c193738a — b7e91827e1cf89cd34ad11dc8f8c010b70ab786e+4

🔴Vulnerability Details

CVEList

i40e: Fix preempt count leak in napi poll tracepoint↗2026-03-25

▶

OSV

CVE-2026-23313: In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint Using get_cpu() in the tracep↗2026-03-25

▶

GHSA

GHSA-94ww-55m5-gmrg: In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint Using get_cpu() in the trac↗2026-03-25

▶

OSV

i40e: Fix preempt count leak in napi poll tracepoint↗2026-03-25

▶

📋Vendor Advisories

Red Hat

kernel: i40e: Fix preempt count leak in napi poll tracepoint↗2026-03-25

▶

Microsoft

i40e: Fix preempt count leak in napi poll tracepoint↗2026-03-10

▶

Debian

CVE-2026-23313: linux - In the Linux kernel, the following vulnerability has been resolved: i40e: Fix p...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23313 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶