Main Vulnerability Database SB20260325145

SB20260325145 - Resource exhaustion in Linux kernel intel i40e driver

Published: March 25, 2026

Security Bulletin ID SB20260325145

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource exhaustion (CVE-ID: CVE-2026-23313)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper resource management in the i40e NAPI poll tracepoint when handling network packets. A local user can trigger the tracepoint to cause a preempt count leak, leading to a denial of service.

The issue arises from using get_cpu() without a corresponding put_cpu() in the tracepoint, which results in an increment of the preempt count that is never decremented.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/4b3d54a85bd37ebf2d9836f0d0de775c0ff21af9
https://git.kernel.org/stable/c/9e0f091821571f0da387462803ee42f0bb157582
https://git.kernel.org/stable/c/b7e91827e1cf89cd34ad11dc8f8c010b70ab786e
https://git.kernel.org/stable/c/dca4ea596a3b0a1b82bc1d9f3e4d88bd9ad9561f