CVE-2026-23245 PUBLISHED

net/sched: act_gate: snapshot parameters with RCU on replace

Assigner: Linux
Reserved: 13.01.2026 Published: 18.03.2026 Updated: 18.03.2026

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_gate: snapshot parameters with RCU on replace

The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list.

Convert the parameters to an RCU-protected snapshot and swap updates under tcf_lock, freeing the previous snapshot via call_rcu(). When REPLACE omits the entry list, preserve the existing schedule so the effective state is unchanged.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from a51c328df3106663879645680609eb49b3ff6444 to 04d75529dc0f9be78786162ebab7424af4644df2 (excl.) affected from a51c328df3106663879645680609eb49b3ff6444 to 58b162e318d0243ad2d7d92456c0873f2494c351 (excl.) affected from a51c328df3106663879645680609eb49b3ff6444 to 62413a9c3cb183afb9bb6e94dd68caf4e4145f4c (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 5.8 is affected unaffected from 0 to 5.8 (excl.) unaffected from 6.18.18 to 6.18.* (incl.) unaffected from 6.19.8 to 6.19.* (incl.) unaffected from 7.0-rc3 to * (incl.)

CVE-2026-23245 PUBLISHED

net/sched: act_gate: snapshot parameters with RCU on replace

Product Status

References