Out-of-bounds write in Linux kernel - CVE-2026-23359
Published: March 25, 2026
Vulnerability identifier: #VU124489
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23359
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to execute arbitrary code or cause a denial of service.
The vulnerability exists due to a boundary error in the BPF devmap component when handling upper device interface indices. A local user can trigger a stack-out-of-bounds write by creating more than MAX_NEST_DEV (8) macvlans on a device with an XDP program attached using BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS and sending a packet to the device, leading to memory corruption.
To exploit this vulnerability, the attacker must have the ability to create macvlan devices and attach XDP programs, which requires local access and privileges to perform network configuration.
How to mitigate CVE-2026-23359
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/5000e40acc8d0c36ab709662e32120986ac22e7e
- https://git.kernel.org/stable/c/75d474702b2ba8b6bcb26eb3004dbc5e95ffd5d2
- https://git.kernel.org/stable/c/8a95fb9df1105b1618872c2846a6c01e3ba20b45
- https://git.kernel.org/stable/c/b7bf516c3ecd9a2aae2dc2635178ab87b734fef1
- https://git.kernel.org/stable/c/ca831567908fd3f73cf97d8a6c09a5054697a182
- https://git.kernel.org/stable/c/d2c31d8e03d05edc16656e5ffe187f0d1da763d7