What is CVE-2026-23275?

CVE-2026-23275 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10, affecting Linux kernel versions from 6.13 onward and patched in 6.18.19, 6.19.9 and 7.0. CVE-2026-23275 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-23275?

CVE-2026-23275 has a CVSS score of 7.8 out of 10, rated High severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Is there a patch available for CVE-2026-23275?

Yes, CVE-2026-23275 has been patched. Fixed versions include 6.18.19, 6.19.9 and 7.0. If you are running Linux kernel 6.13 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-23275 actively exploited?

CVE-2026-23275 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-23275

High

In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is stable for task work flags manipulation If DEFER_TASKRUN | SETUP_TASKRUN is used and task work is added while the ring is being resized, it's possible for the OR'ing of IORING_SQ_TASKRUN to happen in the small window of swapping into the new rings and the old rings being freed. Prevent this by adding a 2nd ->rings pointer, ->rings_rcu, which is protected by RCU. The task work flags manipulation is inside RCU already, and if the resize ring freeing is done post an RCU synchronize, then there's no need to add locking to the fast path of task work additions. Note: this is only done for DEFER_TASKRUN, as that's the only setup mode that supports ring resizing. If this ever changes, then they too need to use the io_ctx_mark_taskrun() helper.

Package Linux Kernel

Published 2026-03-20

Last modified 2026-05-22

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

7.8

out of 10

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected versions

Linux kernel versions 6.13 and later are affected. Fixed in 6.18.19, 6.19.9, 7.0 and their respective stable series.

Affected from

≥ 6.13

Fixed in

✓ 6.18.19 6.18.x ✓ 6.19.9 6.19.x ✓ 7.0

References

The following references provide additional information about CVE-2026-23275 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/46dc07d5f31411cc023f3bf1f4a23a07bf6e0ed1
Patch
Kernel patch commit
https://git.kernel.org/stable/c/7cc4530b3e952d4a5947e1e55d06620d8845d4f5
Patch
Kernel patch commit
https://git.kernel.org/stable/c/96189080265e6bb5dde3a4afbaf947af493e3f82
Patch

Details

CVE ID CVE-2026-23275

Severity High

CVSS score 7.8 / 10

CVSS version 3.1

Published 2026-03-20

Modified 2026-05-22

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2026-23275?

CVE-2026-23275 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 . It affects Linux kernel versions from 6.13 onward and has been patched in 6.18.19, 6.19.9 and 7.0. CVE-2026-23275 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2026-23275?

CVE-2026-23275 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Is there a patch available for CVE-2026-23275?

Yes — CVE-2026-23275 has been patched. Fixed versions include 6.18.19, 6.19.9 and 7.0. If you are running Linux kernel 6.13 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-23275 actively exploited?

No — CVE-2026-23275 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.