CVE-2026-23419
Published: 03 April 2026
Summary
CVE-2026-23419 is a high-severity Improper Locking (CWE-667) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 10.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the circular locking dependency in rds_tcp_tune by applying kernel patches that move sk_net_refcnt_upgrade outside the socket lock critical section.
Vulnerability scanning identifies Linux kernels affected by CVE-2026-23419's improper locking flaw for subsequent remediation.
Disabling unnecessary kernel modules like RDS eliminates the vulnerable rds_tcp_tune code path exploitable by remote attackers.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct kernel deadlock triggered remotely via RDS leads to endpoint DoS through system exploitation.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rds_tcp_tune syzbot reported a circular locking dependency in rds_tcp_tune() where sk_net_refcnt_upgrade() is called while holding the socket lock: ====================================================== WARNING: possible circular locking dependency…
more
detected ====================================================== kworker/u10:8/15040 is trying to acquire lock: ffffffff8e9aaf80 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_cache_noprof+0x4b/0x6f0 but task is already holding lock: ffff88805a3c1ce0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: rds_tcp_tune+0xd7/0x930 The issue occurs because sk_net_refcnt_upgrade() performs memory allocation (via get_net_track() -> ref_tracker_alloc()) while the socket lock is held, creating a circular dependency with fs_reclaim. Fix this by moving sk_net_refcnt_upgrade() outside the socket lock critical section. This is safe because the fields modified by the sk_net_refcnt_upgrade() call (sk_net_refcnt, ns_tracker) are not accessed by any concurrent code path at this point. v2: - Corrected fixes tag - check patch line wrap nits - ai commentary nits
Deeper analysisAI
CVE-2026-23419 is a vulnerability in the Linux kernel's Reliable Datagram Sockets (RDS) implementation, specifically within the rds_tcp_tune() function. It manifests as a possible circular locking dependency where sk_net_refcnt_upgrade()—which performs memory allocation via get_net_track() and ref_tracker_alloc()—is called while holding the socket lock (k-sk_lock-AF_INET6). This creates a dependency with fs_reclaim, as reported by syzbot. The issue affects Linux kernel versions prior to the application of the fix, with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is categorized under CWE-667 (Improper Locking).
A remote, unauthenticated network attacker can exploit this vulnerability with low complexity and no user interaction. By triggering the rds_tcp_tune() path, the attacker can induce the circular locking dependency, potentially leading to a deadlock involving the socket lock and fs_reclaim during memory allocation. This results in high availability impact, such as kernel hangs or system denial of service.
Mitigation involves applying the upstream kernel patches provided in the stable repository. Key fixes include commits such as 026bbaeeab9e04534ee58882b6447300629b42f6, 6a877ececd6daa002a9a0002cd0fbca6592a9244, 6ce948fa54599f369ff7fe8b793a6aae4b0762b2, 8519e6883a942e510f33a0e634e27bcc3a844a40, and 8babb271403378ba6836f6c8599c5313d0e2355d, which move sk_net_refcnt_upgrade() outside the socket lock critical section. Security practitioners should update affected Linux kernels to incorporate these changes.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai