#VU124925 Out-of-bounds read in Linux kernel - CVE-2026-23447
Published: April 6, 2026
Vulnerability identifier: #VU124925
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-23447
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in cdc_ncm_rx_verify_ndp32() when processing a crafted NDP32 structure in a received NTB. A remote attacker can send a specially crafted network packet to disclose sensitive information.
The issue occurs because the DPE array size is validated against the total skb length without accounting for ndpoffset, allowing reads beyond the intended bounds when the NDP32 is placed near the end of the NTB.
Remediation
Install security update from vendor's repository.
External links
- https://git.kernel.org/stable/c/125f932a76a97904ef8a555f1dd53e5d0e288c54
- https://git.kernel.org/stable/c/77914255155e68a20aa41175edeecf8121dac391
- https://git.kernel.org/stable/c/a5bd5a2710310c965ea4153cba4210988a3454e2
- https://git.kernel.org/stable/c/af0d1613d6751489dbf9f69aac1123f0b1e566e5
- https://git.kernel.org/stable/c/de70da1fb1d152e981ecb3157f7ec2b633005c16