CVE-2026-23436: Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 94.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 3

Description

In the Linux kernel, the following vulnerability has been resolved:

net: shaper: protect from late creation of hierarchy

We look up a netdev during prep of Netlink ops (pre- callbacks) and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual protections. The netdev may get unregistered in between the time we take the ref and the time we lock it. We may allocate the hierarchy after flush has already run, which would lead to a leak. Take the ins

Affected Packages (3 packages)

Debian: linux/linux_kernel < 6.19.10-1
CVEListV5: linux/linux 93954b40f6a4fc43226c01a15b02732f884500f1 719f6784f918f9e32f3ff3b197f900e852223f9d +3
debian: debian/linux < linux 6.19.10-1 (forky)

🔴 Vulnerability Details (2)

OSV: CVE-2026-23436: In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during pr (2026-04-03)
GHSA: GHSA-943r-726h-fc9x: In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during (2026-04-03)

📋 Vendor Advisories (2)

Red Hat: kernel: net: shaper: protect from late creation of hierarchy (2026-04-03)
Debian: CVE-2026-23436: linux - In the Linux kernel, the following vulnerability has been resolved: net: shaper... 2026

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23436 Impact, Exploitability, and Mitigation Steps | Wiz