CVE-2026-23437

Severity: High
Published: 03 April 2026
Modified: 27 April 2026
KEV Added: not listed
Patch: available
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (4.6th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-23437 is a high-severity vulnerability of unspecified weakness type (no CWE assigned) in the Linux kernel. Its CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 4.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2026-23437 is a vulnerability in the Linux kernel's network shaper (net: shaper) component, where late read accesses to the netdev hierarchy are not properly protected. During preparation of Netlink operations (pre-callbacks), a netdev is looked up and a reference is taken, but later in the callback body, accesses under RCU lack a required liveness check to ensure the netdev has not been unregistered. This affects read cases under RCU, with writes noted as needing a separate fix after flush operations.

The vulnerability can be exploited by local attackers with low privileges (AV:L/AC:L/PR:L/UI:N/S:U), requiring no user interaction. Successful exploitation enables high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), yielding a CVSS v3.1 base score of 7.8 and potentially leading to kernel crashes, data corruption, or privilege escalation via race conditions or invalid memory accesses.

Kernel patches addressing this issue are available in the stable trees via the following commits: https://git.kernel.org/stable/c/0f9ea7141f365b4f27226898e62220fb98ef8dc6, https://git.kernel.org/stable/c/348758ba74e6a348299965b16a97cfb817545cc0, and https://git.kernel.org/stable/c/581eee0890a8bde44f1fb78ad3e70502a897d583. These commits implement liveness checks for read operations under RCU to prevent accesses to unregistered netdevs.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy. We look up a netdev during prep of Netlink ops (pre-callbacks) and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual protections. This is not proper, a conversion from a ref to a locked netdev must include a liveness check (a check if the netdev hasn't been unregistered already). Fix the read cases (those under RCU). Writes need a separate change to protect from creating the hierarchy after flush has already run.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel race condition in net shaper enables direct privilege escalation via invalid memory access after netdev unregistration.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71152 (same product: Linux kernel)
CVE-2026-23111 (same product: Linux kernel)
CVE-2026-31530 (same product: Linux kernel)
CVE-2026-23387 (same product: Linux kernel)
CVE-2025-21856 (same product: Linux kernel)
CVE-2025-21727 (same product: Linux kernel)
CVE-2026-23275 (same product: Linux kernel)
CVE-2026-31401 (same product: Linux kernel)
CVE-2024-57980 (same product: Linux kernel)
CVE-2026-31586 (same product: Linux kernel)

Affected Assets

Vendor: linux
Product: linux kernel
Affected versions: 6.13, 7.0; 6.13.1 to 6.18.20; 6.19 to 6.19.10

Mitigating Controls (NIST 800-53 r5, AI-assigned)

Prevent: SI-2 (Flaw Remediation)
Directly mitigates CVE-2026-23437 by requiring timely remediation through application of the kernel patches that implement the missing netdev liveness checks under RCU.

Detect: RA-5 (Vulnerability Monitoring and Scanning)
Enables detection of kernel versions affected by the netdev RCU race condition via vulnerability scanning, so that affected hosts can be patched promptly.

Prevent: memory protection
Provides memory protection mechanisms that can limit exploitation of invalid memory accesses resulting from the unprotected late read accesses to unregistered netdevs.
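As an added example (not part of this record or of any vendor or scanner tooling), the following Python script implements the version-based detection the RA-5 control describes: it parses `uname -r` style release strings from a constructed host inventory and checks them against the affected versions copied from the Affected Assets line above. Reading the record's standalone entries "6.13" and "7.0" as the exact versions 6.13.0 and 7.0.0 is an assumption, and the hostnames in the inventory are made up. A bare version match is a starting point only: distribution kernels frequently backport fixes without changing the upstream version string, so a hit should be confirmed against the distribution's advisory or changelog before it is reported as affected.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Affected versions copied from this record's "Affected Assets" line.
# Reading the standalone entries "6.13" and "7.0" as exact versions 6.13.0
# and 7.0.0 is an assumption; the two explicit ranges are inclusive at both ends.
AFFECTED_RANGES = [
    ((6, 13, 0), (6, 13, 0)),
    ((7, 0, 0), (7, 0, 0)),
    ((6, 13, 1), (6, 18, 20)),
    ((6, 19, 0), (6, 19, 10)),
]


def parse_kernel_release(release: str) -> Optional[Version]:
    """Return (major, minor, patch) from a `uname -r` string such as
    '6.18.20-arch1-1' or '6.19.3'; a missing patch level counts as 0.
    Distribution suffixes (-generic, -rt, .el9, ...) are ignored."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_in_affected_range(release: str) -> Optional[bool]:
    """True if the release falls inside an affected range, False if it is
    outside every range, None if the string could not be parsed."""
    version = parse_kernel_release(release)
    if version is None:
        return None
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def triage_inventory(inventory: str) -> Dict[str, str]:
    """Classify each 'hostname <whitespace> kernel-release' line of an inventory
    as 'affected', 'not-affected' or 'unparsed'. Blank lines and '#' comments
    are skipped; a line without a release field is reported as 'unparsed'."""
    results: Dict[str, str] = {}
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            results[parts[0]] = "unparsed"
            continue
        host, release = parts
        status = is_in_affected_range(release)
        if status is None:
            results[host] = "unparsed"
        else:
            results[host] = "affected" if status else "not-affected"
    return results


# Constructed sample inventory: hostnames and kernel releases are made up.
SAMPLE_INVENTORY = """
# host        uname -r
web01         6.18.20-arch1-1
web02         6.18.21-arch1-1
db01          6.19.10-generic
build01       6.12.30
lab01         6.13.0
edge01        not-a-kernel
"""

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

The version comparison is done on integer tuples rather than on strings, so 6.18.20 sorts correctly after 6.18.3; only the leading major.minor.patch prefix is compared, which is what stable-tree ranges in records like this one refer to.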

References