2449572 – (CVE-2026-23274) CVE-2026-23274 kernel: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels

Bug 2449572 (CVE-2026-23274) - CVE-2026-23274 kernel: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels

Summary: CVE-2026-23274 kernel: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM ti...

Keywords:
Status:	NEW
Alias:	CVE-2026-23274
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-20 09:03 UTC by OSIDB Bzimport
Modified:	2026-03-20 12:16 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-20 09:03:22 UTC

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels

IDLETIMER revision 0 rules reuse existing timers by label and always call
mod_timer() on timer->timer.

If the label was created first by revision 1 with XT_IDLETIMER_ALARM,
the object uses alarm timer semantics and timer->timer is never initialized.
Reusing that object from revision 0 causes mod_timer() on an uninitialized
timer_list, triggering debugobjects warnings and possible panic when
panic_on_warn=1.

Fix this by rejecting revision 0 rule insertion when an existing timer with
the same label is of ALARM type.

Comment 1 Alexander B 2026-03-20 12:14:04 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026032034-CVE-2026-23274-ba1d@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.