exploitDog

CVE-2026-23001

Опубликовано: 25 янв. 2026

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

macvlan: fix possible UAF in macvlan_forward_source()

Add RCU protection on (struct macvlan_source_entry)->vlan.

Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts.

This allows macvlan_forward_source() to skip over entries queued for freeing.

Note that macvlan_dev are already RCU protected, as they are embedded in a standard netdev (netdev_priv(ndev)).

https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.18.1 (включая) до 5.10.249 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.11 (включая) до 5.15.199 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.16 (включая) до 6.1.162 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.2 (включая) до 6.6.122 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.7 (включая) до 6.12.67 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.13 (включая) до 6.18.7 (исключая)

cpe:2.3:o:linux:linux_kernel:3.18:-:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00188

Низкий

7.8 High

CVSS3

Дефекты

CWE-416

Связанные уязвимости

CVE-2026-23001

CVSS3: 7.8

ubuntu

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts. This allows macvlan_forward_source() to skip over entries queued for freeing. Note that macvlan_dev are already RCU protected, as they are embedded in a standard netdev (netdev_priv(ndev)). https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u

CVE-2026-23001

CVSS3: 7.8

redhat

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts. This allows macvlan_forward_source() to skip over entries queued for freeing. Note that macvlan_dev are already RCU protected, as they are embedded in a standard netdev (netdev_priv(ndev)). https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u

CVE-2026-23001

CVSS3: 7.8

debian

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: m ...

GHSA-vgc7-m4r9-xw45

CVSS3: 7.8

github

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts. This allows macvlan_forward_source() to skip over entries queued for freeing. Note that macvlan_dev are already RCU protected, as they are embedded in a standard netdev (netdev_priv(ndev)). https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u

BDU:2026-01111

CVSS3: 7

fstec

5 месяцев назад

Уязвимость функции macvlan_forward_source() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 8%

0.00188

Низкий

7.8 High

CVSS3

Дефекты

CWE-416