Vulnerability in Linux Kernel Affecting Networking Functionality
CVE-2026-23270

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 March 2026

What is CVE-2026-23270?

In recent changes to the Linux kernel, a vulnerability was identified that allows the act_ct feature to bind to clsact/ingress queuing disciplines and shared blocks. Although this was not its intended use, users have attempted to attach act_ct to egress paths, creating potential security risks. The issue can lead to a use-after-free (UaF) scenario if packets classified as TC_ACT_CONSUMED are subsequently handled by the defragmentation engine. The resolution restricts the use of act_ct to clsact and ingress qdiscs, thereby mitigating the risk while allowing some flexibility in network configuration.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 3f14b377d01d8357eba032b4cabc8c1149b458b6 < 524ce8b4ea8f64900b6c52b6a28df74f6bc0801e

Linux 3f14b377d01d8357eba032b4cabc8c1149b458b6 < 380ad8b7c65ea7aa10ef2258297079ed5ac1f5b6

Linux 3f14b377d01d8357eba032b4cabc8c1149b458b6 < 9deda0fcda5c1f388c5e279541850b71a2ccfcf4

References

https://git.kernel.org/stable/c/524ce8b4ea8f64900b6c52b6a...
https://git.kernel.org/stable/c/380ad8b7c65ea7aa10ef22582...
https://git.kernel.org/stable/c/9deda0fcda5c1f388c5e27954...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.