CVE-2026-23413: Improper Update of Reference Count in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 93.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 2; latest update Apr 3

Description

In the Linux kernel, the following vulnerability has been resolved:

clsact: Fix use-after-free in init/destroy rollback asymmetry

Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a second step having a replacement failure for the new clsact qdisc instance. clsact_init() initializes ingress first and then takes care of the egress part. This can fail midway, for example, via tcf_block_

Affected Packages (3 packages)

Debian: linux/linux_kernel < 6.19.10-1
CVEListV5: linux/linux 230bb13650b0f186f540500fd5f5f7096a822a2a a73d95b57bf9faebdfed591bcb7ed9292062a84c +6
debian: debian/linux < linux 6.19.10-1 (forky)

🔴 Vulnerability Details (3)

OSV (2026-04-03): CVE-2026-23413: (In the Linux kernel, the following vulnerability has been resolved: c
OSV (2026-04-02): CVE-2026-23413: In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free
GHSA (2026-04-02): GHSA-g3fm-vpqw-g4mf: In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-fr

📋 Vendor Advisories (2)

Red Hat (2026-04-02): kernel: clsact: Fix use-after-free in init/destroy rollback asymmetry
Debian (2026): CVE-2026-23413: linux - In the Linux kernel, the following vulnerability has been resolved: clsact: Fix...

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23413 Impact, Exploitability, and Mitigation Steps | Wiz