CVE-2026-23436

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: shaper: protect from late creation of hierarchy<br /> <br /> We look up a netdev during prep of Netlink ops (pre- callbacks)<br /> and take a ref to it. Then later in the body of the callback<br /> we take its lock or RCU which are the actual protections.<br /> <br /> The netdev may get unregistered in between the time we take<br /> the ref and the time we lock it. We may allocate the hierarchy<br /> after flush has already run, which would lead to a leak.<br /> <br /> Take the instance lock in pre- already, this saves us from the race<br /> and removes the need for dedicated lock/unlock callbacks completely.<br /> After all, if there&amp;#39;s any chance of write happening concurrently<br /> with the flush - we&amp;#39;re back to leaking the hierarchy.<br /> <br /> We may take the lock for devices which don&amp;#39;t support shapers but<br /> we&amp;#39;re only dealing with SET operations here, not taking the lock<br /> would be optimizing for an error case.