What is CVE-2026-23378?

CVE-2026-23378 is a high-severity vulnerability in Linux. CVSS score: 7.8/10. Published 2026-03-25.

How severe is CVE-2026-23378?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Linux

CVE-2026-23378

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: Fix metalist update behavior Whenever an ife action replace changes the metalist, instead of replacing the old data on the metalist, the current ife…

EPSS: 0.000 (4.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Linux — versions aa9fd9a325d51fa0b11153b03b8fefff569fa955, 4.15, 0

References

git.kernel.org/stable/c/56ade7ddea6ce605552341785d08e365c3f61861
git.kernel.org/stable/c/5b1449301ca070814d866990b46f48d3f39ea4ee
git.kernel.org/stable/c/91a89d3bdc2f63d983adc13d1771631663c5dc1b
git.kernel.org/stable/c/cd888c3966672239f2e0707b846a5a936ac9038a
git.kernel.org/stable/c/691866c4cca54dc4df762276b49e89b36e046947
git.kernel.org/stable/c/e2cedd400c3ec0302ffca2490e8751772906ac23

Frequently asked questions

What is CVE-2026-23378?: CVE-2026-23378 is a high-severity vulnerability in Linux. CVSS score: 7.8/10. Published 2026-03-25.
How severe is CVE-2026-23378?: High severity. CVSS v3 base score is 7.8 out of 10.