CVE-2026-23313

| EUVD-2026-15256
2026-03-25 Linux

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15256
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

Tags

Linux Linux Kernel Denial Of Service Debian Suse

Description

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint Using get_cpu() in the tracepoint assignment causes an obvious preempt count leak because nothing invokes put_cpu() to undo it: softirq: huh, entered softirq 3 NET_RX with preempt_count 00000100, exited with 00000101? This clearly has seen a lot of testing in the last 3+ years... Use smp_processor_id() instead.

Analysis

A preempt count leak exists in the Linux kernel's i40e network driver within the napi poll tracepoint implementation, where get_cpu() is called without a corresponding put_cpu() to restore the preempt count. This affects all Linux kernel versions containing the vulnerable i40e driver code and can cause kernel accounting errors and potential system instability when the tracepoint is enabled. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Vendor Status

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

Share

CVE-2026-23313 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy