PatchSiren cyber security CVE debrief

CVE-2026-23449 Linux CVE debrief

CVE-2026-23449 is a Linux kernel double-free in TEQL qdisc handling. NVD rates it HIGH (CVSS 7.8), and the issue is described as a race between TEQL's datapath and qdisc reset logic when a TEQL device has a lockless root qdisc. The reported effect is kernel memory corruption and crashes, including a KASAN double-free report. Fixed kernels are referenced by upstream stable patches and NVD marks multiple Linux kernel release ranges as affected.

Vendor: Linux
Product: Unknown
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-03
Original CVE updated: 2026-05-21
Advisory published: 2026-04-03
Advisory updated: 2026-05-21

Who should care

Linux kernel maintainers, distro security teams, and operators running systems that use TEQL (Traffic Equalizer) qdiscs, especially where local users or privileged workloads can interact with networking stack configuration. Fleet owners should pay attention to the affected kernel version ranges listed by NVD.

Technical summary

The vulnerability is identified as CWE-415 (double free). According to the source description, teql_master_xmit can race with qdisc_reset when a TEQL device has a lockless qdisc as root; qdisc_reset is supposed to be called under seq_lock to avoid racing with the datapath. The provided crash trace shows the double-free surfacing in skb_release_data via pfifo_fast_reset, qdisc_reset, teql_destroy, and qdisc_graft. NVD lists the following affected Linux kernel ranges: 4.18 through 6.1.167, 6.2 through 6.6.130, 6.7 through 6.12.78, 6.13 through 6.18.20, 6.19 through 6.19.10, and 7.0-rc1 through 7.0-rc4.

Defensive priority

High for environments that use TEQL or otherwise expose the affected networking path; moderate otherwise because the issue requires local access and is not reported as remotely exploitable in the supplied data.

Recommended defensive actions

  • Apply the upstream/stable kernel fixes referenced by NVD and the kernel patch links.
  • Upgrade to a kernel version outside the affected ranges listed by NVD.
  • Review whether TEQL is enabled or used in your environment; if not needed, disable or avoid TEQL configurations.
  • Prioritize patching systems that allow untrusted local users, containers, or privileged workloads to reach the affected networking stack paths.
  • Watch for kernel crashes or KASAN double-free reports involving skb_release_data, qdisc_reset, teql_destroy, or qdisc_graft on affected builds.
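As an added triage example (not code from the PatchSiren debrief or the kernel project), the Python below checks a `uname -r` string against the NVD ranges quoted in the technical summary, checks /proc/modules content for the TEQL scheduler module (sch_teql, the upstream module name), and scans kernel log lines for a KASAN double-free report that walks the trace symbols named above. The sample log and the helper names are constructed for this example; the version check is a heuristic, since distro kernels that backport the fix keep an older version string, so confirm against your vendor's advisory.

```python
import re
# Affected upstream ranges as listed by NVD on this page, inclusive (major, minor, patch).
AFFECTED_RANGES = [((4, 18, 0), (6, 1, 167)), ((6, 2, 0), (6, 6, 130)),
                   ((6, 7, 0), (6, 12, 78)), ((6, 13, 0), (6, 18, 20)),
                   ((6, 19, 0), (6, 19, 10))]
# Symbols from the crash trace named in the technical summary.
TRACE_SYMBOLS = ("skb_release_data", "pfifo_fast_reset", "qdisc_reset",
                 "teql_destroy", "qdisc_graft")

def parse_release(uname_r):
    """Parse a `uname -r` string such as '6.6.130-1-amd64' or '7.0-rc3' into (major, minor, patch, rc)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", uname_r)
    if not m:
        raise ValueError(f"unrecognised kernel release: {uname_r!r}")
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch or 0), (int(rc) if rc else None)

def is_affected_release(uname_r):
    """True if the upstream version falls in an affected range (heuristic: backports keep old strings)."""
    major, minor, patch, rc = parse_release(uname_r)
    if rc is not None:  # the page lists 7.0-rc1 through 7.0-rc4
        return (major, minor) == (7, 0) and 1 <= rc <= 4
    return any(lo <= (major, minor, patch) <= hi for lo, hi in AFFECTED_RANGES)

def teql_loaded(proc_modules_text):
    """True if sch_teql (the TEQL scheduler module) is listed in /proc/modules content."""
    return any(line.split()[0] == "sch_teql" for line in proc_modules_text.splitlines() if line.strip())

def kasan_double_free_hits(log_lines):
    """Return the trace symbols seen inside a KASAN double-free report (empty set if none)."""
    hits, in_report = set(), False
    for line in log_lines:
        if "BUG: KASAN: double-free" in line:
            in_report = True
        elif in_report and line.rstrip().endswith("====="):  # report's closing separator
            in_report = False
        if in_report:
            hits.update(sym for sym in TRACE_SYMBOLS if sym in line)
    return hits

# Constructed sample log for demonstration, not a real capture; offsets are made up.
SAMPLE_LOG = """\
[ 12.1] ==================================================================
[ 12.2] BUG: KASAN: double-free in skb_release_data+0x1a0/0x2c0
[ 12.3]  qdisc_reset+0x30/0x90
[ 12.4]  teql_destroy+0x50/0xa0
[ 12.5]  qdisc_graft+0x1b0/0x3c0
[ 12.6] ==================================================================
[ 20.0] eth0: link up
""".splitlines()
```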

Evidence notes

This debrief uses only the supplied CVE/NVD corpus and official kernel patch references. Supported facts include the CVE ID, CVSS 7.8/High, CWE-415, the TEQL/qdisc_reset race description, the crash trace indicating a double-free in skb_release_data, and the affected version ranges listed in NVD. No exploit steps, payloads, or unstated root-cause details are included.

Official resources

CVE published 2026-04-03T16:16:31.037Z and last modified 2026-05-21T00:38:40.837Z, per the supplied timeline and source record.