Linux Kernel up to 6.18.19/6.19.9/7.0-rc4 shaper allocation of resources

Summaryinfo

A vulnerability was found in Linux Kernel up to 6.18.19/6.19.9/7.0-rc4. It has been rated as critical. The impacted element is an unknown function of the component shaper. Performing a manipulation results in allocation of resources. This vulnerability is identified as CVE-2026-23436. There is not any exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability classified as critical has been found in Linux Kernel up to 6.18.19/6.19.9/7.0-rc4. This affects an unknown function of the component shaper. The manipulation with an unknown input leads to a allocation of resources vulnerability. CWE is classifying the issue as CWE-770. The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. The impact remains unknown. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops (pre- callbacks) and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual protections. The netdev may get unregistered in between the time we take the ref and the time we lock it. We may allocate the hierarchy after flush has already run, which would lead to a leak. Take the instance lock in pre- already, this saves us from the race and removes the need for dedicated lock/unlock callbacks completely. After all, if there's any chance of write happening concurrently with the flush - we're back to leaking the hierarchy. We may take the lock for devices which don't support shapers but we're only dealing with SET operations here, not taking the lock would be optimizing for an error case.

It is possible to read the advisory at git.kernel.org. This vulnerability is uniquely identified as CVE-2026-23436 since 01/13/2026. The exploitability is told to be difficult. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 6.18.20, 6.19.10 or 7.0-rc5 eliminates this vulnerability. Applying the patch 719f6784f918f9e32f3ff3b197f900e852223f9d/d22921727023e7852704965e935f4d1fc83a5ec9/d75ec7e8ba1979a1eb0b9211d94d749cdce849c8 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.18.0
• 6.18.1
• 6.18.2
• 6.18.3
• 6.18.4
• 6.18.5
• 6.18.6
• 6.18.7
• 6.18.8
• 6.18.9
• 6.18.10
• 6.18.11
• 6.18.12
• 6.18.13
• 6.18.14
• 6.18.15
• 6.18.16
• 6.18.17
• 6.18.18
• 6.18.19
• 6.19.0
• 6.19.1
• 6.19.2
• 6.19.3
• 6.19.4
• 6.19.5
• 6.19.6
• 6.19.7
• 6.19.8
• 6.19.9
• 7.0-rc1
• 7.0-rc2
• 7.0-rc3
• 7.0-rc4

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion