SB20260325100 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in Linux kernel x86 entry




Published: March 25, 2026

Security Bulletin ID SB20260325100
Severity Low
Patch available YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') (CVE-ID: CVE-2026-23354)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper bounds checking in the x86/fred component when handling speculative execution of interrupts. A local user can trigger a use of an out-of-bounds array index during interrupt handling to execute arbitrary code.

The issue arises because the array index is spilled to the stack before use, making it vulnerable to speculative execution attacks.


Remediation

Install the update from the vendor's website.