CVE-2026-23379

Published: March 25, 2026 · Updated: Mar 25, 2026

EPSS: 0.02% probability of exploitation in 30 days · Percentile: 6.5th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: ets: fix divide by zero in the offload path

Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quanta as 'q_sum' and 'q_psum'. Using unsigned int, the same integer size as the individual DRR quanta, can overflow and even cause division by zero, like it happened in the following splat:

Oops: divide error: 0000 [#1] SMP PTI

CPU: 13 UID: 0 PID: 487 Comm: tc Tainted: G E 6.19.0-virtme #45 PREEMPT(full)

Tainted: [E]=UNSIGNED_MODULE

Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011

RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]

Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 <41> f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44

RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246

RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000

RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660

RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe

R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe

R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000

FS: 00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000

CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033

CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0

Call Trace:

<TASK>

ets_qdisc_change+0x870/0xf40 [sch_ets]

qdisc_create+0x12b/0x540

tc_modify_qdisc+0x6d7/0xbd0

rtnetlink_rcv_msg+0x168/0x6b0

netlink_rcv_skb+0x5c/0x110

netlink_unicast+0x1d6/0x2b0

netlink_sendmsg+0x22e/0x470

____sys_sendmsg+0x38a/0x3c0

___sys_sendmsg+0x99/0xe0

__sys_sendmsg+0x8a/0xf0

do_syscall_64+0x111/0xf80

entry_SYSCALL_64_after_hwframe+0x77/0x7f

RIP: 0033:0x7f440b81c77e

Code: 4d 89 d8 e8 d4 bc 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa

RSP: 002b:00007fff951e4c10 EFLAGS: 00000202 ORIG_RAX: 000000000000002e

RAX: ffffffffffffffda RBX: 0000000000481820 RCX: 00007f440b81c77e

RDX: 0000000000000000 RSI: 00007fff951e4cd0 RDI: 0000000000000003

RBP: 00007fff951e4c20 R08: 0000000000000000 R09: 0000000000000000

R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff951f4fa8

R13: 00000000699ddede R14: 00007f440bb01000 R15: 0000000000486980

</TASK>

Modules linked in: sch_ets(E) netdevsim(E)

---[ end trace 0000000000000000 ]---

RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]

Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 <41> f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44

RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246

RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000

RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660

RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe

R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe

R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000

FS: 00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000

CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033

CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0

Kernel panic - not syncing: Fatal exception

Kernel Offset: 0x30000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)

---[ end Kernel panic - not syncing: Fatal exception ]---

Fix this using 64-bit integers for 'q_sum' and 'q_psum'.

NVD Source

Technical Analysis

CVE-2026-23379 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
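
The arithmetic failure named in the official description, as an added user-space example (not kernel source and not code from this page). It assumes each weight is a difference of cumulative percentages `q_psum * 100 / q_sum`; the function names and sample quanta are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not kernel code. Pre-fix model: 32-bit accumulators,
 * the same width as each quantum. Returns -1 where the wrapped divisor is 0,
 * the point at which the kernel raised the divide error. */
static int weights_u32(const uint32_t *quanta, size_t n, uint32_t *w)
{
    uint32_t q_sum = 0, q_psum = 0, prev = 0;

    for (size_t i = 0; i < n; i++)
        q_sum += quanta[i];                 /* wraps modulo 2^32 */
    for (size_t i = 0; i < n; i++) {
        q_psum += quanta[i];
        if (quanta[i] && q_sum == 0)
            return -1;                      /* would divide by zero */
        uint32_t w_psum = quanta[i] ? q_psum * 100 / q_sum : 0;
        w[i] = w_psum - prev;
        prev = w_psum;
    }
    return 0;
}

/* Post-fix model: 64-bit sums do not wrap for a handful of 32-bit quanta. */
static int weights_u64(const uint32_t *quanta, size_t n, uint32_t *w)
{
    uint64_t q_sum = 0, q_psum = 0;
    uint32_t prev = 0;

    for (size_t i = 0; i < n; i++)
        q_sum += quanta[i];
    for (size_t i = 0; i < n; i++) {
        q_psum += quanta[i];
        uint32_t w_psum = quanta[i] ? (uint32_t)(q_psum * 100 / q_sum) : 0;
        w[i] = w_psum - prev;
        prev = w_psum;
    }
    return 0;
}

int main(void)
{
    const uint32_t wrap0[] = { 0xfffffffeu, 1, 1 }; /* constructed: sum is 2^32 */
    uint32_t w[3];
    printf("u32 model: %d\n", weights_u32(wrap0, 3, w));
    if (weights_u64(wrap0, 3, w) == 0)
        printf("u64 model: %u %u %u\n", w[0], w[1], w[2]);
    return 0;
}
```

The same 32-bit wrap also yields silently wrong weights when the truncated sum is non-zero, so the wider accumulators correct more than the crash case.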

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

No known exploit: no public exploit confirmed at this time.

Quick Facts

CVE ID: CVE-2026-23379
Severity: NONE
CISA KEV: No
EPSS (30d): 0.02%
Published: Mar 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23379 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.