PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23379 Linux CVE debrief

A divide by zero vulnerability was found in the Linux kernel's net/sched: ets offload path. This vulnerability can cause a kernel panic. The issue arises from using unsigned integers for 'q_sum' and 'q_psum', which can overflow and cause division by zero. Affected systems include those running Linux kernel versions 5.6.1 to 5.10.253, 5.11 to 5.15.203, 5.16 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.77, 6.13 to 6.18.17, and 6.19 to 6.19.7.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-25
Original CVE updated
2026-07-14
Advisory published
2026-03-25
Advisory updated
2026-07-14

Who should care

System administrators and users of Linux kernel versions 5.6.1 to 5.10.253, 5.11 to 5.15.203, 5.16 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.77, 6.13 to 6.18.17, and 6.19 to 6.19.7 should be aware of this vulnerability.

Technical summary

The vulnerability is caused by using unsigned integers for 'q_sum' and 'q_psum' in the ets offload path of the Linux kernel. This can lead to an overflow and division by zero, causing a kernel panic. The issue can be fixed by using 64-bit integers for 'q_sum' and 'q_psum'. System administrators should update Linux kernel to version 5.10.254 or later, 5.15.204 or later, 6.1.168 or later, 6.6.131 or later, 6.7 or later, 6.12.78 or later, 6.18.18 or later, or 6.19.8 or later.

Defensive priority

Medium

Recommended defensive actions

  • Update Linux kernel to version 5.10.254 or later, 5.15.204 or later, 6.1.168 or later, 6.6.131 or later, 6.7 or later, 6.12.78 or later, 6.18.18 or later, or 6.19.8 or later
  • Apply patches from Linux kernel stable branches
  • Monitor system logs for signs of kernel panics
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-03-25T11:16:37.827Z and last modified on 2026-07-14T13:18:31.703Z. The NVD entry is currently Modified. This vulnerability affects Linux kernel versions 5.6.1 to 5.10.253, 5.11 to 5.15.203, 5.16 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.77, 6.13 to 6.18.17, and 6.19 to 6.19.7. Defenders should verify system configurations and review logs for signs of kernel panics.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-25T11:16:37.827Z and has not been modified since then.