exploitDog

CVE-2026-23209

Опубликовано: 14 фев. 2026

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

macvlan: fix error recovery in macvlan_common_newlink()

valis provided a nice repro to crash the kernel:

ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip link set up dev p2

ip link add mv0 link p2 type macvlan mode source ip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20

ping -c1 -I p1 1.2.3.4

He also gave a very detailed analysis:

The issue is triggered when a new macvlan link is created with MACVLAN_MODE_SOURCE mode and MACVLAN_MACADDR_ADD (or MACVLAN_MACADDR_SET) parameter, lower device already has a macvlan port and register_netdevice() called from macvlan_common_newlink() fails (e.g. because of the invalid link name).

In this case macvlan_hash_add_source is called from macvlan_change_sources() / macvlan_common_newlink():

This adds a reference to vlan to the port's vlan_source_hash using macvlan_source_e

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.9.1 (включая) до 5.10.250 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.11 (включая) до 5.15.200 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.16 (включая) до 6.1.163 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.2 (включая) до 6.6.124 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.7 (включая) до 6.12.70 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.13 (включая) до 6.18.10 (исключая)

cpe:2.3:o:linux:linux_kernel:4.9:-:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:4.9:rc6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:4.9:rc7:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:4.9:rc8:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00014

Низкий

7.8 High

CVSS3

Дефекты

CWE-416

Связанные уязвимости

CVE-2026-23209

CVSS3: 7.8

ubuntu

около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip link set up dev p2 ip link add mv0 link p2 type macvlan mode source ip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20 ping -c1 -I p1 1.2.3.4 He also gave a very detailed analysis: <quote valis> The issue is triggered when a new macvlan link is created with MACVLAN_MODE_SOURCE mode and MACVLAN_MACADDR_ADD (or MACVLAN_MACADDR_SET) parameter, lower device already has a macvlan port and register_netdevice() called from macvlan_common_newlink() fails (e.g. because of the invalid link name). In this case macvlan_hash_add_source is called from macvlan_change_sources() / macvlan_common_newlink(): This adds a reference to vlan to the port's vlan_source_hash using macvlan_source_entry. v...

CVE-2026-23209

CVSS3: 7

redhat

около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip link set up dev p2 ip link add mv0 link p2 type macvlan mode source ip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20 ping -c1 -I p1 1.2.3.4 He also gave a very detailed analysis: <quote valis> The issue is triggered when a new macvlan link is created with MACVLAN_MODE_SOURCE mode and MACVLAN_MACADDR_ADD (or MACVLAN_MACADDR_SET) parameter, lower device already has a macvlan port and register_netdevice() called from macvlan_common_newlink() fails (e.g. because of the invalid link name). In this case macvlan_hash_add_source is called from macvlan_change_sources() / macvlan_common_newlink(): This adds a reference to vlan to the port's vlan_source_hash using macvlan_source_entry. v...

CVE-2026-23209

CVSS3: 7.8

debian

около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: m ...

GHSA-89j4-f3cq-gm32

CVSS3: 7.8

github

около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip link set up dev p2 ip link add mv0 link p2 type macvlan mode source ip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20 ping -c1 -I p1 1.2.3.4 He also gave a very detailed analysis: <quote valis> The issue is triggered when a new macvlan link is created with MACVLAN_MODE_SOURCE mode and MACVLAN_MACADDR_ADD (or MACVLAN_MACADDR_SET) parameter, lower device already has a macvlan port and register_netdevice() called from macvlan_common_newlink() fails (e.g. because of the invalid link name). In this case macvlan_hash_add_source is called from macvlan_change_sources() / macvlan_common_newlink(): This adds a reference to vlan to the port's vlan_source_hash using macvlan_sourc...

ELSA-2026-50145

oracle-oval

16 дней назад

ELSA-2026-50145: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 2%

0.00014

Низкий

7.8 High

CVSS3

Дефекты

CWE-416