What is CVE-2026-23414?

CVE-2026-23414 is a high-severity vulnerability in Linux. CVSS score: 7.5/10. Published 2026-04-02.

How severe is CVE-2026-23414?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Linux

CVE-2026-23414

In the Linux kernel, the following vulnerability has been resolved: tls: Purge async_hold in tls_decrypt_async_wait() The async_hold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once tls_decryp…

EPSS: 0.000 (14.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Linux — versions 6.6.114, c61d4368197d65c4809d9271f3b85325a600586a, 9f83fd0c179e0f458e824e417f9d5ad53443f685

References

git.kernel.org/stable/c/ac435be7c7613eb13a5a8ceb5182e10b50c9ce87
git.kernel.org/stable/c/2dcf324855c34e7f934ce978aa19b645a8f3ee71
git.kernel.org/stable/c/6dc11e0bd0a5466bcc76d275c09e5537bd0597dd
git.kernel.org/stable/c/9f557c7eae127b44d2e863917dc986a4b6cb1269
git.kernel.org/stable/c/fd8037e1f18ca5336934d0e0e7e1a4fe097e749d
git.kernel.org/stable/c/84a8335d8300576f1b377ae24abca1d9f197807f

Frequently asked questions

What is CVE-2026-23414?: CVE-2026-23414 is a high-severity vulnerability in Linux. CVSS score: 7.5/10. Published 2026-04-02.
How severe is CVE-2026-23414?: High severity. CVSS v3 base score is 7.5 out of 10.