Main Vulnerability Database SB2026032098

SB2026032098 - Out-of-bounds read in Linux kernel core

Published: March 20, 2026

Security Bulletin ID SB2026032098

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2026-23255)

The vulnerability allows a local attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the /proc/net/ptype component when handling RCU-protected network device references. A local attacker can exploit a race condition during iteration of packet types to cause a denial of service.

The issue arises from missing RCU protection when accessing pt->dev in ptype_seq_show() and ptype_seq_next(), allowing concurrent modifications to trigger an RCU stall.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/589a530ae44d0c80f523fcfd1a15af8087f27d35
https://git.kernel.org/stable/c/f613e8b4afea0cd17c7168e8b00e25bc8d33175d