CVE-2026-23255

EPSS 0.03%
Veröffentlicht 18.03.2026 17:41:01
Zuletzt bearbeitet 27.04.2026 14:16:29
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

net: add proper RCU protection to /proc/net/ptype

In the Linux kernel, the following vulnerability has been resolved:

net: add proper RCU protection to /proc/net/ptype

Yin Fengwei reported an RCU stall in ptype_seq_show() and provided
a patch.

Real issue is that ptype_seq_next() and ptype_seq_show() violate
RCU rules.

ptype_seq_show() runs under rcu_read_lock(), and reads pt->dev
to get device name without any barrier.

At the same time, concurrent writers can remove a packet_type structure
(which is correctly freed after an RCU grace period) and clear pt->dev
without an RCU grace period.

Define ptype_iter_state to carry a dev pointer along seq_net_private:

struct ptype_iter_state {
	struct seq_net_private	p;
	struct net_device	*dev; // added in this patch
};

We need to record the device pointer in ptype_get_idx() and
ptype_seq_next() so that ptype_seq_show() is safe against
concurrent pt->dev changes.

We also need to add full RCU protection in ptype_seq_next().
(Missing READ_ONCE() when reading list.next values)

Many thanks to Dong Chenchen for providing a repro.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

CNA 2 VulnDex Vulnerability Enrichment 13

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < 002a73470b56848e4c81efeaaedd471e92d66d8d

Status affected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < dcefd3f0b9ed8288654c75254bdcee8e1085e861

Status affected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < 589a530ae44d0c80f523fcfd1a15af8087f27d35

Status affected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < f613e8b4afea0cd17c7168e8b00e25bc8d33175d

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.12

Status affected

Version 0

Version < 2.6.12

Status unaffected

Version <= 6.6.*

Version 6.6.136

Status unaffected

Version <= 6.12.*

Version 6.12.80

Status unaffected

Version <= 6.18.*

Version 6.18.10

Status unaffected

Version <= *

Version 6.19

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.071

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/589a530ae44d0c80f523fcfd1a15af8087f27d35

https://git.kernel.org/stable/c/f613e8b4afea0cd17c7168e8b00e25bc8d33175d

https://git.kernel.org/stable/c/dcefd3f0b9ed8288654c75254bdcee8e1085e861

https://git.kernel.org/stable/c/002a73470b56848e4c81efeaaedd471e92d66d8d

https://nvd.nist.gov/vuln/detail/CVE-2026-23255

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23255

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23255

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23255