PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23245 Linux CVE debrief

CVE-2026-23245 is a high-severity Linux kernel vulnerability in the traffic-control act_gate path. The issue was recorded by CVE/NVD on 2026-03-18 and later updated on 2026-05-21. The kernel fix description says the gate action could be replaced while the hrtimer callback or dump path was walking the schedule list, creating a concurrency hazard. The remediation converts the parameters to an RCU-protected snapshot, swaps updates under tcf_lock, and frees the previous snapshot with call_rcu().

Vendor
Linux
Product
Unknown
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-18
Original CVE updated
2026-05-21
Advisory published
2026-03-18
Advisory updated
2026-05-21

Who should care

Linux kernel maintainers, distribution security teams, and operators running systems that use traffic control features, especially act_gate, on kernels within the affected NVD version ranges. The CVSS vector is AV:L with PR:L, so the threat model is a local, low-privileged user or process rather than a remote attacker. As a general kernel caveat not stated in the record: configuring or replacing a tc action normally requires CAP_NET_ADMIN in the network namespace, and on hosts where unprivileged user namespaces are enabled an ordinary user can obtain that capability in a namespace of their own, which is the usual way a "local user" reaches traffic-control code paths. Multi-tenant hosts, container hosts, and CI runners therefore deserve the closest look.

Technical summary

NVD rates the issue 7.8 High with CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerable condition is a race in act_gate: the action's parameters can be replaced while the hrtimer callback or the dump path is still iterating the schedule list. According to the kernel fix summary, the remedy is to hold the parameters as an RCU-protected snapshot, publish the replacement under tcf_lock, and defer freeing the old snapshot with call_rcu(), so that readers already inside an RCU read-side section finish on the copy they started with. The description also notes that when REPLACE omits the entry list, the existing schedule is preserved so the effective state does not change. NVD lists the following affected Linux kernel ranges (lower bound inclusive, upper bound excluded):
  • 5.8.1 up to 5.10.253
  • 5.11 up to 6.1.167
  • 6.2 up to 6.6.130
  • 6.7 up to 6.12.78
  • 6.13 up to 6.18.18
  • 6.19 up to 6.19.8
plus the individually listed versions 5.8, 7.0-rc1, and 7.0-rc2.

Defensive priority

High. This is a kernel-level concurrency flaw with high confidentiality, integrity, and availability impact in NVD’s assessment, so patching should be prioritized for any exposed or multi-user system running the affected code path.

Recommended defensive actions

  • Confirm deployed kernel builds against the NVD affected version ranges and vendor backport status.
  • Apply the kernel update or vendor backport that includes the RCU snapshot fix for act_gate.
  • Prioritize remediation on systems that use traffic control scheduling features or that host untrusted local users, containers, or workloads able to obtain CAP_NET_ADMIN in their own network namespace (for example where unprivileged user namespaces are enabled).
  • Coordinate maintenance windows for fleet updates, since this is a kernel change rather than a user-space mitigation.
  • Track downstream distro advisories that reference the upstream act_gate fix for backported versions; a vendor kernel may carry the fix without a version bump, so a version-only check is a first pass, not a final answer.
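The first three actions above are easy to get wrong by hand, so here is a small triage script as an added example (it is not PatchSiren or kernel tooling). It encodes the NVD ranges quoted in the technical summary, parses a `uname -r` string, and classifies whether act_gate is reachable from the build config and /proc/modules. The file paths, the sample module line, and the verdict wording are assumptions made for illustration; the CONFIG_NET_ACT_GATE symbol and the autoload of act_<name> modules by the tc action core are standard kernel behaviour.

```python
"""Triage helpers for CVE-2026-23245 (Linux act_gate replacement race).

Added example for this debrief; it is not PatchSiren tooling. The version
ranges are the NVD ranges quoted in the technical summary. A version number
alone cannot see distribution backports (a vendor kernel may carry the
RCU-snapshot fix without a version bump), so an "affected" verdict means
"check the vendor advisory", not proof of exposure.
"""
import gzip
import os
import re

# (first affected, inclusive) .. (first fixed, exclusive), from the NVD ranges.
AFFECTED_RANGES = [
    ((5, 8, 1), (5, 10, 253)),
    ((5, 11, 0), (6, 1, 167)),
    ((6, 2, 0), (6, 6, 130)),
    ((6, 7, 0), (6, 12, 78)),
    ((6, 13, 0), (6, 18, 18)),
    ((6, 19, 0), (6, 19, 8)),
]
# Versions NVD lists individually rather than as part of a range.
AFFECTED_EXACT = {"5.8", "7.0-rc1", "7.0-rc2"}


def parse_release(release):
    """Split a `uname -r` string into (major, minor, patch, rc).

    Distro suffixes such as "-1-generic" or "-427.el9_4.x86_64" are ignored;
    rc is None for a final release.
    """
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch or 0), (int(rc) if rc else None)


def is_affected(release):
    """True if the upstream version falls inside the NVD-listed ranges."""
    major, minor, patch, rc = parse_release(release)
    base = f"{major}.{minor}" + (f".{patch}" if patch else "")
    if rc is not None:
        # Release candidates are matched only against the explicit list.
        return f"{base}-rc{rc}" in AFFECTED_EXACT
    if base in AFFECTED_EXACT:
        return True
    version = (major, minor, patch)
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def act_gate_exposure(proc_modules, kernel_config):
    """Classify how act_gate is reachable on a build.

    proc_modules: text of /proc/modules; kernel_config: text of the build
    config (/boot/config-<release> or decompressed /proc/config.gz).
    Returns "builtin", "loaded", "available" (built as a module but not yet
    loaded; the tc action core autoloads act_<name> on first use, so this
    still counts as reachable by anyone who can configure tc) or "absent".
    """
    setting = None
    for line in kernel_config.splitlines():
        if line.startswith("CONFIG_NET_ACT_GATE="):
            setting = line.split("=", 1)[1].strip()
    if setting == "y":
        return "builtin"
    for line in proc_modules.splitlines():
        if line.split()[:1] == ["act_gate"]:
            return "loaded"
    return "available" if setting == "m" else "absent"


def triage(release, proc_modules, kernel_config):
    """Combine both checks into the verdict a fleet script would report."""
    affected = is_affected(release)
    exposure = act_gate_exposure(proc_modules, kernel_config)
    if not affected:
        action = "version outside the NVD ranges; no action from this record"
    elif exposure == "absent":
        action = "act_gate not built into this kernel; update in the normal cycle"
    else:
        action = "patch now unless the vendor advisory confirms a backported fix"
    return {"release": release, "affected": affected,
            "act_gate": exposure, "action": action}


def read_live_inputs():
    """Collect the inputs from the running host (Linux only; assumed paths)."""
    release = os.uname().release
    with open("/proc/modules") as f:
        modules = f.read()
    config = ""
    for path in (f"/boot/config-{release}", "/proc/config.gz"):
        try:
            opener = gzip.open if path.endswith(".gz") else open
            with opener(path, "rt") as f:
                config = f.read()
            break
        except OSError:
            continue
    return release, modules, config


if __name__ == "__main__":
    print(triage(*read_live_inputs()))
```

Run it as root (or any user that can read the config file) on each host, or feed it `uname -r`, /proc/modules and the config collected by your inventory tool. An "available" result is deliberately treated like "loaded": the module does not need to be resident for a tc REPLACE to reach the vulnerable path, because the first request pulls it in.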

Evidence notes

All statements are derived from the supplied CVE/NVD corpus and the referenced kernel patch records. The record identifies the flaw as a Linux kernel act_gate concurrency issue resolved by RCU snapshotting and call_rcu()-based cleanup. NVD marks the vulnerability as analyzed, assigns CVSS 7.8 High (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), and lists vulnerable Linux kernel version ranges. Weakness classification in the record is NVD-CWE-noinfo.

Official resources

Publicly recorded in the CVE/NVD corpus on 2026-03-18 and last modified on 2026-05-21.