← Back

CVE-2026-23001

nvd nist
Published: Jan 25, 2026Modified: Jun 17, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts. This allows macvlan_forward_source() to skip over entries queued for freeing. Note that macvlan_dev are already RCU protected, as they are embedded in a standard netdev (netdev_priv(ndev)). https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u

Affected (15)

Products: Linux: Linux Kernel
1 product
Linux Kernel
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Linux
From 3.18.1 to 5.10.249
From 5.11 to 5.15.199
From 5.16 to 6.1.162
From 6.13 to 6.18.7
From 6.2 to 6.6.122
From 6.7 to 6.12.67
Version 3.18
Version 6.19 rc1
Version 6.19 rc2
Version 6.19 rc3
Version 6.19 rc4
Version 6.19 rc5
Version 6.19 rc6
Version 6.19 rc7
Version 6.19 rc8

References (7)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch

Timeline

No history available yet.