Main Vulnerability Database SB20260320112

SB20260320112 - Buffer over-read in Linux kernel sched

Published: March 20, 2026

Security Bulletin ID SB20260320112

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer over-read (CVE-ID: CVE-2026-23245)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper memory management in the net/sched: act_gate component when handling action replacement while the hrtimer callback or dump path is walking the schedule list. A local user can trigger a race condition to cause a denial of service.

Exploitation requires access to the network scheduling subsystem and occurs due to lack of proper synchronization during parameter updates.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/04d75529dc0f9be78786162ebab7424af4644df2
https://git.kernel.org/stable/c/58b162e318d0243ad2d7d92456c0873f2494c351
https://git.kernel.org/stable/c/62413a9c3cb183afb9bb6e94dd68caf4e4145f4c