CVE-2026-23313

high

Description

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint Using get_cpu() in the tracepoint assignment causes an obvious preempt count leak because nothing invokes put_cpu() to undo it: softirq: huh, entered softirq 3 NET_RX with preempt_count 00000100, exited with 00000101? This clearly has seen a lot of testing in the last 3+ years... Use smp_processor_id() instead.

References

https://git.kernel.org/stable/c/dca4ea596a3b0a1b82bc1d9f3e4d88bd9ad9561f

https://git.kernel.org/stable/c/b7e91827e1cf89cd34ad11dc8f8c010b70ab786e

https://git.kernel.org/stable/c/9e0f091821571f0da387462803ee42f0bb157582

https://git.kernel.org/stable/c/4b3d54a85bd37ebf2d9836f0d0de775c0ff21af9

Details

Source: Mitre, NVD

Published: 2026-03-25

Updated: 2026-03-25

Risk Information

CVSS v2

Base Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00018