CVE-2026-23419 | Linux Kernel up to 6.6.129/6.12.76/6.18.16/6.19.6/7.0-rc2 rds rds_tcp_tune allocation of resources

VDB-355094 · CVE-2026-23419 · GCVE-0-2026-23419 LINUX KERNEL UP TO 6.6.129/6.12.76/6.18.16/6.19.6/7.0-RC2 RDS RDS_TCP_TUNE ALLOCATION OF RESOURCES HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 5.5 $0-$5k 0.82+ Summaryinfo A vulnerability described as critical has been identified in Linux Kernel up to 6.6.129/6.12.76/6.18.16/6.19.6/7.0-rc2. This vulnerability affects the function rds_tcp_tune of the component rds. Such manipulation leads to allocation of resources. This vulnerability is traded as CVE-2026-23419. There is no exploit available. Upgrading the affected component is recommended. Detailsinfo A vulnerability was found in Linux Kernel up to 6.6.129/6.12.76/6.18.16/6.19.6/7.0-rc2. It has been rated as critical. Affected by this issue is the function rds_tcp_tune of the component rds. The manipulation with an unknown input leads to a allocation of resources vulnerability. Using CWE to declare the problem leads to CWE-770. The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. Impacted is availability. CVE summarizes: In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rds_tcp_tune syzbot reported a circular locking dependency in rds_tcp_tune() where sk_net_refcnt_upgrade() is called while holding the socket lock: ====================================================== WARNING: possible circular locking dependency detected ====================================================== kworker/u10:8/15040 is trying to acquire lock: ffffffff8e9aaf80 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_cache_noprof+0x4b/0x6f0 but task is already holding lock: ffff88805a3c1ce0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: rds_tcp_tune+0xd7/0x930 The issue occurs because sk_net_refcnt_upgrade() performs memory allocation (via get_net_track() -> ref_tracker_alloc()) while the socket lock is held, creating a circular dependency with fs_reclaim. Fix this by moving sk_net_refcnt_upgrade() outside the socket lock critical section. This is safe because the fields modified by the sk_net_refcnt_upgrade() call (sk_net_refcnt, ns_tracker) are not accessed by any concurrent code path at this point. v2: - Corrected fixes tag - check patch line wrap nits - ai commentary nits The advisory is available at git.kernel.org. This vulnerability is handled as CVE-2026-23419 since 01/13/2026. Technical details are known, but there is no available exploit. Upgrading to version 6.6.130, 6.12.77, 6.18.17, 6.19.7 or 7.0-rc3 eliminates this vulnerability. Applying the patch 8babb271403378ba6836f6c8599c5313d0e2355d/8519e6883a942e510f33a0e634e27bcc3a844a40/6ce948fa54599f369ff7fe8b793a6aae4b0762b2/6a877ececd6daa002a9a0002cd0fbca6592a9244 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. Productinfo Type Operating System Vendor Linux Name Kernel Version 6.6.129 6.12.0 6.12.1 6.12.2 6.12.3 6.12.4 6.12.5 6.12.6 6.12.7 6.12.8 6.12.9 6.12.10 6.12.11 6.12.12 6.12.13 6.12.14 6.12.15 6.12.16 6.12.17 6.12.18 6.12.19 6.12.20 6.12.21 6.12.22 6.12.23 6.12.24 6.12.25 6.12.26 6.12.27 6.12.28 6.12.29 6.12.30 6.12.31 6.12.32 6.12.33 6.12.34 6.12.35 6.12.36 6.12.37 6.12.38 6.12.39 6.12.40 6.12.41 6.12.42 6.12.43 6.12.44 6.12.45 6.12.46 6.12.47 6.12.48 6.12.49 6.12.50 6.12.51 6.12.52 6.12.53 6.12.54 6.12.55 6.12.56 6.12.57 6.12.58 6.12.59 6.12.60 6.12.61 6.12.62 6.12.63 6.12.64 6.12.65 6.12.66 6.12.67 6.12.68 6.12.69 6.12.70 6.12.71 6.12.72 6.12.73 6.12.74 6.12.75 6.12.76 6.18.0 6.18.1 6.18.2 6.18.3 6.18.4 6.18.5 6.18.6 6.18.7 6.18.8 6.18.9 6.18.10 6.18.11 6.18.12 6.18.13 6.18.14 6.18.15 6.18.16 6.19.0 6.19.1 6.19.2 6.19.3 6.19.4 6.19.5 6.19.6 7.0-rc1 7.0-rc2 License open-source Website Vendor: https://www.kernel.org/ CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 5.7 VulDB Meta Temp Score: 5.5 VulDB Base Score: 5.7 VulDB Temp Score: 5.5 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Allocation of resources CWE: CWE-770 / CWE-400 / CWE-404 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: Kernel 6.6.130/6.12.77/6.18.17/6.19.7/7.0-rc3 Patch: 8babb271403378ba6836f6c8599c5313d0e2355d/8519e6883a942e510f33a0e634e27bcc3a844a40/6ce948fa54599f369ff7fe8b793a6aae4b0762b2/6a877ececd6daa002a9a0002cd0fbca6592a9244 Timelineinfo 01/13/2026 CVE reserved 04/03/2026 +79 days Advisory disclosed 04/03/2026 +0 days VulDB entry created 04/03/2026 +0 days VulDB entry last update Sourcesinfo Vendor: kernel.org Advisory: git.kernel.org Status: Confirmed CVE: CVE-2026-23419 (🔒) GCVE (CVE): GCVE-0-2026-23419 GCVE (VulDB): GCVE-100-355094 Entryinfo Created: 04/03/2026 17:03 Changes: 04/03/2026 17:03 (59) Complete: 🔍 Cache ID: 99:58A:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸