CVE-2026-23342Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition8 documents7 sources
Severity
N/A
No vector
EPSS
0.0%
top 94.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in cpumap on PREEMPT_RT On PREEMPT_RT kernels, the per-CPU xdp_bulk_queue (bq) can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bq_enqueue() and __cpu_map_flush() run atomically with respect to each other on the same CPU, relying on local_bh_disable() to prevent preemption. However, on PREEMPT_RT, local_bh_disable() only calls migrate_disable() (when PREEMPT_R

Affected Packages3 packages

Linuxlinux/linux_kernel6.18.06.18.17+1
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux3253cb49cbad4772389d6ef55be75db1f97da9107466ae2aeed483de80c5d8dea0913cf74038b652+3

🔴Vulnerability Details

4
GHSA
GHSA-c898-7qpg-fw83: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in cpumap on PREEMPT_RT On PREEMPT_RT kernels, the per-CPU xdp_bul2026-03-25
OSV
CVE-2026-23342: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in cpumap on PREEMPT_RT On PREEMPT_RT kernels, the per-CPU xdp_bulk_2026-03-25
OSV
bpf: Fix race in cpumap on PREEMPT_RT2026-03-25
CVEList
bpf: Fix race in cpumap on PREEMPT_RT2026-03-25

📋Vendor Advisories

2
Red Hat
kernel: bpf: Fix race in cpumap on PREEMPT_RT2026-03-25
Debian
CVE-2026-23342: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix ra...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23342 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23342 — Linux vulnerability | cvebase