{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23313", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.994Z", "datePublished": "2026-03-25T10:27:08.686Z", "dateUpdated": "2026-03-25T10:27:08.686Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:08.686Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix preempt count leak in napi poll tracepoint\n\nUsing get_cpu() in the tracepoint assignment causes an obvious preempt\ncount leak because nothing invokes put_cpu() to undo it:\n\n softirq: huh, entered softirq 3 NET_RX with preempt_count 00000100, exited with 00000101?\n\nThis clearly has seen a lot of testing in the last 3+ years...\n\nUse smp_processor_id() instead."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_trace.h"], "versions": [{"version": "6d4d584a7ea8fc8d2be77545cb503118c193738a", "lessThan": "b7e91827e1cf89cd34ad11dc8f8c010b70ab786e", "status": "affected", "versionType": "git"}, {"version": "6d4d584a7ea8fc8d2be77545cb503118c193738a", "lessThan": "9e0f091821571f0da387462803ee42f0bb157582", "status": "affected", "versionType": "git"}, {"version": "6d4d584a7ea8fc8d2be77545cb503118c193738a", "lessThan": "dca4ea596a3b0a1b82bc1d9f3e4d88bd9ad9561f", "status": "affected", "versionType": "git"}, {"version": "6d4d584a7ea8fc8d2be77545cb503118c193738a", "lessThan": "4b3d54a85bd37ebf2d9836f0d0de775c0ff21af9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/i40e/i40e_trace.h"], "versions": [{"version": "6.2", "status": "affected"}, {"version": "0", "lessThan": "6.2", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b7e91827e1cf89cd34ad11dc8f8c010b70ab786e"}, {"url": "https://git.kernel.org/stable/c/9e0f091821571f0da387462803ee42f0bb157582"}, {"url": "https://git.kernel.org/stable/c/dca4ea596a3b0a1b82bc1d9f3e4d88bd9ad9561f"}, {"url": "https://git.kernel.org/stable/c/4b3d54a85bd37ebf2d9836f0d0de775c0ff21af9"}], "title": "i40e: Fix preempt count leak in napi poll tracepoint", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix preempt count leak in napi poll tracepoint\n\nUsing get_cpu() in the tracepoint assignment causes an obvious preempt\ncount leak because nothing invokes put_cpu() to undo it:\n\n softirq: huh, entered softirq 3 NET_RX with preempt_count 00000100, exited with 00000101?\n\nThis clearly has seen a lot of testing in the last 3+ years...\n\nUse smp_processor_id() instead."}], "id": "CVE-2026-23313", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:27.623", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4b3d54a85bd37ebf2d9836f0d0de775c0ff21af9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9e0f091821571f0da387462803ee42f0bb157582"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b7e91827e1cf89cd34ad11dc8f8c010b70ab786e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dca4ea596a3b0a1b82bc1d9f3e4d88bd9ad9561f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: i40e: Fix preempt count leak in napi poll tracepoint", "id": "2451223", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451223"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-911", "details": ["A flaw was found in the i40e network driver within the Linux kernel. This vulnerability, a preemption count leak, occurs in the NAPI (New API) poll tracepoint due to incorrect handling of CPU preemption counts. This issue could lead to an imbalanced preemption count, potentially causing kernel warnings, system instability, or a denial of service."], "name": "CVE-2026-23313", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23313\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23313\nhttps://lore.kernel.org/linux-cve-announce/2026032529-CVE-2026-23313-925e@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[6d4d584a7ea8fc8d2be77545cb503118c193738a,b7e91827e1cf89cd34ad11dc8f8c010b70ab786e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[6d4d584a7ea8fc8d2be77545cb503118c193738a,9e0f091821571f0da387462803ee42f0bb157582)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[6d4d584a7ea8fc8d2be77545cb503118c193738a,dca4ea596a3b0a1b82bc1d9f3e4d88bd9ad9561f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[6d4d584a7ea8fc8d2be77545cb503118c193738a,4b3d54a85bd37ebf2d9836f0d0de775c0ff21af9)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.2"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.2)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-03-26T05:06:16.448205+00:00", "value": {"mitigation_remediation": ["Apply the Linux kernel patch that replaces get_cpu() with smp_processor_id() in the i40e driver."], "summary": {"action": "Apply Patch", "impact": "Kernel preemption counter leak"}, "threat_synthesis": {"affected_systems": "Any Linux kernel build that includes the i40e driver, encompassing most generic Linux distributions, may contain the vulnerable code. No specific kernel version range is provided, so systems running kernels with the unpatched i40e module are potentially impacted.", "description_and_impact": "Within the Linux kernel's i40e network driver, a tracepoint assignment mistakenly uses get_cpu() without a subsequent put_cpu() call, causing the preempt_count to remain incremented. This preemption counter leak can disturb kernel scheduling logic, potentially leading to kernel instability or a localized denial of service if the counter remains erroneously high. The weakness is a code\u2011handling defect (CWE\u2011911) that allows an unintended persistence of a scheduling counter.", "risk_and_exploitability": "With a CVSS score of 5.5, the vulnerability is considered moderate in severity. The EPSS score is under 1\u202f%, indicating a low probability of exploitation, and it is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation would require a process executing with kernel privileges, as the issue resides in driver code during poll tracing. Therefore the exploitability is limited to local privileged contexts and is not publicly exploitable from a remote surface. The official fix involves replacing get_cpu() with smp_processor_id(), eliminating the preemption counter leak."}}}}, "created": "2026-03-25T21:15:16.369400+00:00", "updated": "2026-03-26T12:16:44.239083+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}