CVE-2026-23274 Linux — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	7.8 (HIGH)
Affected Versions	5.7 — 7.0-rc4
Fixed In	6.18.19
Vendor	Linux
Public PoC	No

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revision 1 with XT_IDLETIMER_ALARM, the object uses alarm timer semantics and timer->timer is never initialized. Reusing that object from revision 0 causes mod_timer() on an uninitialized timer_list, triggering debugobjects warnings and possible panic when panic_on_warn=1.

Fix this by rejecting revision 0 rule insertion when an existing timer with the same label is of ALARM type.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Vulnerable Products 3

Configuration	From (including)	Up to (excluding)
Linux Linux_Kernel cpe:2.3:o:linux:linux_kernel::::::::	`5.7`	`6.18.19`
Linux Linux_Kernel cpe:2.3:o:linux:linux_kernel::::::::	`5.7`	`6.19.9`
Linux Linux_Kernel cpe:2.3:o:linux:linux_kernel::::::::	`5.7`	`7.0-rc4`