PatchSiren cyber security CVE debrief
CVE-2026-23255 Linux CVE debrief
CVE-2026-23255 is an RCU synchronization flaw in the Linux kernel's /proc/net/ptype path. According to the CVE description, ptype_seq_show() and ptype_seq_next() can observe packet_type state without sufficient RCU protection while concurrent writers remove packet_type entries and clear pt->dev. The result is an RCU stall: a local denial of service with high availability impact (CVSS A:H) on affected systems.
- Vendor: Linux
- Product: Unknown
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-18
- Original CVE updated: 2026-05-21
- Advisory published: 2026-03-18
- Advisory updated: 2026-05-21
Who should care
Linux kernel maintainers, distro security teams, and operators of systems that expose /proc/net/ptype and rely on kernel networking availability. Because the issue is local and requires only low privileges (CVSS PR:L), it matters most on multi-user systems and in environments where untrusted users or workloads can read the affected procfs path.
Technical summary
NVD lists the vulnerability as CVSS 3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The CVE description says ptype_seq_show() runs under rcu_read_lock() but reads pt->dev without a barrier, while concurrent writers may remove a packet_type structure after an RCU grace period and clear pt->dev without the same protection. The fix adds proper RCU handling to /proc/net/ptype, including carrying a device pointer in iterator state and using READ_ONCE() when reading list pointers in ptype_seq_next().
Defensive priority
Medium. The issue is not remotely reachable and has no confidentiality or integrity impact (C:N/I:N), but it can still take down kernel networking on the host. Prioritize patching on shared, multi-user, or high-availability Linux systems.
Recommended defensive actions
- Apply the kernel updates that include the referenced fixes from the official Linux stable tree links.
- Verify whether your distribution has backported the fix into your currently deployed kernel version.
- If you operate multi-user Linux hosts, treat this as a denial-of-service hardening item and accelerate patch rollout on exposed systems.
- Confirm whether any local users or containers can interact with the affected procfs networking path in your environment.
- Track vendor advisories for your Linux distribution in case the fix is delivered through a distro kernel package rather than upstream release numbers.
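The version check in the steps above, as an added example that is not part of the advisory or the kernel project: the script compares a kernel release string against the fixed upstream versions NVD lists for this CVE (6.6.136, 6.12.80, 6.18.10) and reports the permissions on /proc/net/ptype. It assumes GNU `stat -c` for the mode check. Any branch not in that list, including distro kernels such as a 5.14.0-based RHEL build that backport fixes without changing the upstream version, is deliberately reported as unknown rather than guessed.

```shell
#!/bin/sh
# Added example: triage a kernel release string for CVE-2026-23255.
# Fixed versions per stable branch come from the NVD version criteria
# quoted on this page. Branches not listed here return "unknown"; the
# page does not state fixes for them, and distro kernels backport fixes
# without bumping the upstream version number, so consult the distro
# advisory for those.

# Usage: cve_2026_23255_status <uname -r string>
# Returns 0 = fixed, 1 = vulnerable, 2 = unknown, and prints a verdict.
cve_2026_23255_status() {
    kver=$1
    # Keep only the leading x.y[.z]; drop "-generic", "+", "-rc", etc.
    base=$(printf '%s\n' "$kver" | sed -E 's/^([0-9]+\.[0-9]+(\.[0-9]+)?).*$/\1/')
    maj=${base%%.*}
    rest=${base#*.}
    min=${rest%%.*}
    if [ "$rest" = "$min" ]; then patch=0; else patch=${rest#*.}; fi

    case "$maj.$min" in
        6.6)  fixed=136 ;;
        6.12) fixed=80 ;;
        6.18) fixed=10 ;;
        *)
            echo "unknown (branch $maj.$min is not in the listed fixed ranges; check your distro advisory)"
            return 2 ;;
    esac

    if [ "$patch" -ge "$fixed" ]; then
        echo "fixed ($base >= $maj.$min.$fixed)"
        return 0
    fi
    echo "vulnerable ($base < $maj.$min.$fixed)"
    return 1
}

# Report who can read /proc/net/ptype on this host (assumes GNU stat).
ptype_exposure() {
    f=/proc/net/ptype
    [ -e "$f" ] || { echo "absent"; return 0; }
    mode=$(stat -c '%a' "$f" 2>/dev/null) || { echo "unknown (stat failed)"; return 0; }
    # Last octal digit carries the "other" bits; any read bit set means
    # every local user and container sharing this procfs can reach the path.
    case "$mode" in
        *4|*5|*6|*7) echo "world-readable (mode $mode)" ;;
        *)           echo "restricted (mode $mode)" ;;
    esac
}

main() {
    kver=${1:-$(uname -r)}
    printf 'kernel %s: %s\n' "$kver" "$(cve_2026_23255_status "$kver")"
    printf '/proc/net/ptype: %s\n' "$(ptype_exposure)"
}

main "$@"
```

Run it with no arguments on the host being assessed, or pass a release string such as `6.12.79-1-amd64` to check an image offline. A "fixed" verdict only confirms the upstream version floor; a backported distro kernel that still reports an older version string needs the vendor advisory check from the last step above.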
Evidence notes
The CVE record was published on 2026-03-18 and last modified on 2026-05-21. NVD marks the issue as analyzed and lists CVSS v3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. NVD also provides Linux kernel version criteria showing affected ranges ending before 6.6.136, 6.12.80, and 6.18.10, along with additional historical release criteria. The provided CVE description states the root cause is missing RCU protection in ptype_seq_show() and ptype_seq_next().
Official resources
- CVE-2026-23255 CVE record (CVE.org)
- CVE-2026-23255 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch (four patch references)
CVE published 2026-03-18 and last modified 2026-05-21. The official references point to Linux kernel stable patches.