Linux Kernel Vulnerability in Net/Sched Affecting Metadata Handling
CVE-2026-23378

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
25 March 2026

What is CVE-2026-23378?

A vulnerability has been identified in the Linux kernel's net/sched component, specifically within the act_ife action's handling of metadata lists. The flaw centers around the incorrect implementation of metadata replacement; rather than replacing existing data on the metalist, new data is appended without bounds checking. This inappropriate behavior can lead to an endless accumulation of metadata, which may provoke out-of-bounds errors during encoding operations. Addressing this issue involves modifying the replacement behavior to incorporate the metalist into the kernel's RCU data structure, thereby restoring correct function and preventing potential crashes or exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux aa9fd9a325d51fa0b11153b03b8fefff569fa955 < 56ade7ddea6ce605552341785d08e365c3f61861

Linux aa9fd9a325d51fa0b11153b03b8fefff569fa955 < 5b1449301ca070814d866990b46f48d3f39ea4ee

Linux aa9fd9a325d51fa0b11153b03b8fefff569fa955 < 91a89d3bdc2f63d983adc13d1771631663c5dc1b

References

https://git.kernel.org/stable/c/56ade7ddea6ce605552341785...
https://git.kernel.org/stable/c/5b1449301ca070814d866990b...
https://git.kernel.org/stable/c/91a89d3bdc2f63d983adc13d1...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.