#VU124926 Out-of-bounds read in Linux kernel - CVE-2026-23448
Published: April 6, 2026
Vulnerability identifier: #VU124926
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-23448
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in cdc_ncm_rx_verify_ndp16() and cdc_ncm_rx_fixup() when parsing a crafted NDP16 structure in a received NTB. A remote attacker can send a specially crafted network packet to disclose sensitive information.
The issue occurs because the DPE array size check does not account for ndpoffset, allowing DPE entries near the end of the buffer to extend past the skb data buffer and be read out of bounds.
Remediation
Install security update from vendor's repository.
External links
- https://git.kernel.org/stable/c/2aa8a4fa8d5b7d0e1ebcec100e1a4d80a1f4b21a
- https://git.kernel.org/stable/c/403f94ddcb36c552fbef51dea735b131e3dcde8b
- https://git.kernel.org/stable/c/789204f980730258c983102c027c375238009c80
- https://git.kernel.org/stable/c/dce9dda0e3707e887977db44407989e9ead26611
- https://git.kernel.org/stable/c/f1c7701d3ac91b62d672c13690cf295821f0d5c3