CVE-2026-23245
Published: 18 March 2026
Summary
CVE-2026-23245 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-5 (Access Restrictions for Change).
Deeper analysis
CVE-2026-23245 affects the Linux kernel's net/sched act_gate component. The vulnerability occurs because the gate action can be replaced while the hrtimer callback or dump path is walking the schedule list, potentially leading to inconsistent state or race conditions during these operations.
A local attacker with low privileges can exploit this issue with low attack complexity and no user interaction required. Successful exploitation enables high impacts on confidentiality, integrity, and availability, as indicated by the CVSS score of 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The referenced kernel stable patches mitigate the vulnerability by converting parameters to an RCU-protected snapshot, performing swap updates under tcf_lock, and freeing the previous snapshot via call_rcu(). When a REPLACE operation omits the entry list, the existing schedule is preserved to maintain the effective state unchanged.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12808
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_gate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list. Convert the parameters to…
more
an RCU-protected snapshot and swap updates under tcf_lock, freeing the previous snapshot via call_rcu(). When REPLACE omits the entry list, preserve the existing schedule so the effective state is unchanged.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel race condition in net/sched act_gate enables privilege escalation via inconsistent state during replacement of gate actions.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the race condition in net/sched act_gate by requiring timely remediation through application of the kernel patch implementing RCU snapshots and tcf_lock synchronization.
Prohibits or restricts non-essential kernel traffic control gate actions, preventing exposure to the vulnerability if the affected functionality is unnecessary.
Restricts and monitors access to kernel configuration components like net/sched actions, limiting low-privilege local attackers' ability to trigger the concurrent replacement race.