clsact: Fix use-after-free in init/destroy rollback asymmetry

Description

A vulnerability classified as critical was found in Linux Kernel up to 6.6.129/6.12.77/6.18.19/6.19.9/7.0-rc4. This impacts the function clsact_init. The manipulation results in use after free. This vulnerability was named CVE-2026-23413. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

Affected Products

Vendor	Product	Versions
linux	linux kernel	230bb13650b0f186f540500fd5f5f7096a822a2a, 1cb6f0bae50441f4b4b32a28315853b279c7404e, 1cb6f0bae50441f4b4b32a28315853b279c7404e, 1cb6f0bae50441f4b4b32a28315853b279c7404e, 1cb6f0bae50441f4b4b32a28315853b279c7404e, f61ecf1bd5b562ebfd7d430ccb31619857e80857, 6.10, 6.6.129, 6.12.77, 6.18.19, 6.19.9, 7.0-rc4

References

Related News (1 articles)

Tier C

VulDB6h ago

CVE-2026-23413 | Linux Kernel up to 6.6.129/6.12.77/6.18.19/6.19.9/7.0-rc4 clsact_init use after free

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

a73d95b57bf9faebdfed591bcb7ed9292062a84c37bef86e5428d59f70a4da82b80f9a8f252fecbe4c9af67f99aa3e51b522c54968ab3ac8272be41c0509b762bc5e8ea7b8391130730c6d8502fc6e69a0671125d4f55e1e98d9bde8a0b671941987e20806.6.1306.12.786.18.206.19.107.0-rc5

PublishedApr 2, 2026

Last enriched6h agov2

Trending Score48

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack