Improper Check for Unusual or Exceptional Conditions in Linux kernel - CVE-2026-23254

 


Published: March 20, 2026


Vulnerability identifier: #VU124194
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-23254
CWE-ID: CWE-754
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the UDP GRO complete stage when handling network packets. A remote attacker can send specially crafted network packets to cause a denial of service.

The issue arises because the udp4_gro_complete() function uses an incorrect network offset to compute the outer UDP header pseudo checksum when the 'encapsulation' flag is set, leading to checksum validation errors and subsequent packet processing failures.
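The effect of the wrong offset can be reproduced in user space. The following is an added illustration, not kernel code or the vendor's patch: it computes the IPv4 UDP pseudo-header sum from the addresses found at a given network offset of a constructed tunneled packet. The addresses, offsets, lengths and function names are constructed, and it assumes for illustration that the incorrect offset points at the inner IPv4 header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OUTER_NET_OFF 0u   /* outer IPv4 header */
#define INNER_NET_OFF 50u  /* 20 IPv4 + 8 UDP + 8 tunnel hdr + 14 inner Ethernet */
#define OUTER_UDP_LEN 100u /* constructed outer UDP length */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Folded one's-complement sum of the UDP pseudo-header, with the source and
 * destination addresses read from the IPv4 header located at net_off. */
uint16_t udp_pseudo_seed(const uint8_t *pkt, size_t net_off, uint16_t udp_len)
{
    const uint8_t *ip = pkt + net_off;
    uint32_t sum = 17u + udp_len;        /* protocol (UDP) + UDP length */
    for (int i = 12; i < 20; i += 2)     /* saddr at +12, daddr at +16 */
        sum += be16(ip + i);
    while (sum >> 16)
        sum = (sum & 0xffffu) + (sum >> 16);
    return (uint16_t)sum;
}

/* Constructed sample: only the header fields the pseudo-header needs are set. */
void build_sample(uint8_t pkt[128])
{
    static const uint8_t outer[8] = {192, 0, 2, 1, 192, 0, 2, 2};
    static const uint8_t inner[8] = {10, 0, 0, 1, 10, 0, 0, 2};
    memset(pkt, 0, 128);
    pkt[OUTER_NET_OFF] = 0x45;
    pkt[OUTER_NET_OFF + 9] = 17;         /* outer protocol: UDP */
    memcpy(pkt + OUTER_NET_OFF + 12, outer, 8);
    pkt[INNER_NET_OFF] = 0x45;
    memcpy(pkt + INNER_NET_OFF + 12, inner, 8);
}

/* 1 if the sum computed at chosen_off equals the one a later checksum
 * validation derives from the outer header, 0 otherwise. */
int seed_valid_for_outer_udp(size_t chosen_off)
{
    uint8_t pkt[128];
    build_sample(pkt);
    return udp_pseudo_seed(pkt, chosen_off, OUTER_UDP_LEN) ==
           udp_pseudo_seed(pkt, OUTER_NET_OFF, OUTER_UDP_LEN);
}

int main(void)
{
    printf("outer ok=%d inner ok=%d\n", seed_valid_for_outer_udp(OUTER_NET_OFF),
           seed_valid_for_outer_udp(INNER_NET_OFF));
    return 0;
}
```

A sum taken at the wrong offset covers a different address pair, so any later validation of the outer UDP checksum against the outer header fails even though the payload is intact.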


How to mitigate CVE-2026-23254

Install the security update from the vendor's repository.

Sources