PatchSiren cyber security CVE debrief
CVE-2026-23340 Linux CVE debrief
A use-after-free vulnerability was found in the Linux kernel's network scheduler. When shrinking the number of real tx queues, the qdisc_reset_all_tx_gt() function is called to flush qdiscs for queues that will no longer be used. However, for lockless qdiscs, the dequeue path is serialized by qdisc_run_begin/end() using qdisc->seqlock instead of qdisc_lock(). This can lead to a use-after-free vulnerability, allowing an attacker to potentially execute arbitrary code.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-25
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-03-25
- Advisory updated
- 2026-07-14
Who should care
Users of the Linux kernel, particularly those using versions 4.16.1 to 5.15.203, 5.16 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.77, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7.
Technical summary
The vulnerability exists in the Linux kernel's network scheduler, specifically in the qdisc_reset_all_tx_gt() function. When shrinking the number of real tx queues, this function is called to flush qdiscs for queues that will no longer be used. However, for lockless qdiscs, the dequeue path is serialized by qdisc_run_begin/end() using qdisc->seqlock instead of qdisc_lock(). This can lead to a use-after-free vulnerability, allowing an attacker to potentially execute arbitrary code. The vulnerability can be reproduced on e.g. virtio-net by imposing heavy traffic while frequently changing the number of queue pairs.
Defensive priority
High
Recommended defensive actions
- Apply patches from Linux kernel maintainers
- Update to Linux kernel version 5.15.204 or later
- Use Linux kernel version 6.1.168 or later
- Use Linux kernel version 6.6.131 or later
- Use Linux kernel version 6.7 or later
- Use Linux kernel version 6.12.78 or later
- Use Linux kernel version 6.18.18 or later
- Use Linux kernel version 6.19.8 or later
Evidence notes
The vulnerability was reported by Linux kernel maintainers. The affected versions of the Linux kernel are 4.16.1 to 5.15.203, 5.16 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.77, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7.
Official resources
-
CVE-2026-23340 CVE record
CVE.org
-
CVE-2026-23340 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-25T11:16:31.837Z and has not been modified since then.