CVE Catalog

CVE-2026-45917

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile - higher than 6% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to route management for closing network devices. The issue involves a race condition between the event notification and the code that caches route information, potentially leading to leaked device references.

Risk Assessment

Organizations may be exposed to leaked references to closing devices, which could result in unexpected system behavior and potential security issues.

Recommendation

It is recommended to update the Linux kernel to the latest version to patch this vulnerability and to monitor systems for potential issues related to closing devices.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: ipvs: do not keep dest_dst if dev is going down There is race between the netdev notifier ip_vs_dst_event() and the code that caches dst with dev that is going down. As the FIB can be notified for the closed device after our handler finishes, it is possible valid route to be returned and cached resuling in a leaked dev reference until the dest is not removed. To prevent new dest_dst to be attached to dest just after the handler dropped the old one, add a netif_running() check to make sure the notifier handler is not currently running for device that is closing.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS