Main Vulnerability Database SB20260325121

SB20260325121 - Incomplete Blacklist to Cross-Site Scripting in Linux kernel intel libie driver

Published: March 25, 2026

Security Bulletin ID SB20260325121

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incomplete Blacklist to Cross-Site Scripting (CVE-ID: CVE-2026-23329)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper input validation in the libie_fwlog_deinit() function when handling driver unload operations. A local user can trigger the unloading of the ixgbe driver in recovery mode to cause a system crash.

Exploitation does not require elevated privileges but requires the ability to unload kernel modules.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/0138d1cdb19fa49181a5aaba32427f1787cb3935
https://git.kernel.org/stable/c/460c56ecbef57684aad1d6af525b89dcd3565701
https://git.kernel.org/stable/c/636cc3bd12f499c74eaf5dc9a7d5b832f1bb24ed