#VU124194 Improper Check for Unusual or Exceptional Conditions in Linux kernel - CVE-2026-23254

 

Published: March 20, 2026


Vulnerability identifier: #VU124194
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-23254
CWE-ID: CWE-754
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the UDP GRO complete stage when handling network packets. A remote attacker can send specially crafted network packets to cause a denial of service.

The issue arises because the udp4_gro_complete() function uses an incorrect network offset to compute the outer UDP header pseudo checksum when the 'encapsulation' flag is set, leading to checksum validation errors and subsequent packet processing failures.
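The effect of reading the pseudo-header addresses from the wrong network offset can be seen in a small user-space model. This is an added example, not kernel code and not the vendor's fix. The packet layout, the addresses, and the use of the inner IPv4 header as the "wrong" offset are assumptions made for illustration.

```c
/* User-space model of the checksum arithmetic; not kernel code. All values constructed. */
#include <stdint.h>
#include <string.h>
enum { OUTER_IP = 0, OUTER_UDP = 20, INNER_IP = 28, PKT_LEN = 56, UDP_LEN = PKT_LEN - OUTER_UDP };

/* One's-complement accumulation of big-endian 16-bit words. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc)
{
    for (size_t i = 0; i + 1 < len; i += 2)
        acc += ((uint32_t)p[i] << 8) | p[i + 1];
    if (len & 1)
        acc += (uint32_t)p[len - 1] << 8;
    return acc;
}

/* UDP checksum; pseudo-header addresses are read from the IPv4 header at net_off. */
uint16_t udp_csum(const uint8_t *pkt, size_t net_off, size_t udp_off, size_t udp_len)
{
    uint32_t acc = sum16(pkt + net_off + 12, 8, 17 + (uint32_t)udp_len);
    acc = sum16(pkt + udp_off, udp_len, acc);
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* Build the encapsulated packet and fill the outer UDP checksum using net_off. */
void build_packet(uint8_t *pkt, size_t net_off)
{
    static const uint8_t outer[8] = {192, 0, 2, 1, 192, 0, 2, 2}, inner[8] = {10, 0, 0, 1, 10, 0, 0, 2};
    memset(pkt, 0, PKT_LEN);
    memcpy(pkt + OUTER_IP + 12, outer, 8);   /* outer saddr, daddr */
    memcpy(pkt + INNER_IP + 12, inner, 8);   /* inner saddr, daddr */
    pkt[OUTER_UDP + 4] = UDP_LEN >> 8; pkt[OUTER_UDP + 5] = UDP_LEN & 0xff;
    uint16_t c = udp_csum(pkt, net_off, OUTER_UDP, UDP_LEN);
    pkt[OUTER_UDP + 6] = (uint8_t)(c >> 8); pkt[OUTER_UDP + 7] = (uint8_t)(c & 0xff);
}

/* Receiver-side check against the real outer header: a valid packet yields zero. */
int outer_udp_valid(const uint8_t *pkt)
{
    return udp_csum(pkt, OUTER_IP, OUTER_UDP, UDP_LEN) == 0;
}

int main(void)
{
    uint8_t good[PKT_LEN], bad[PKT_LEN];
    build_packet(good, OUTER_IP);   /* correct offset: outer header */
    build_packet(bad, INNER_IP);    /* wrong offset: inner header (assumed) */
    return !(outer_udp_valid(good) && !outer_udp_valid(bad));
}
```

The packet sealed with the outer header's addresses validates, while the one sealed from the wrong offset fails the same check, which is the checksum validation error the description refers to.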


Remediation

Install the security update from the vendor's repository.

External links