CVE-2026-23001

Summary

In the Linux kernel, the following vulnerability has been resolved:

macvlan: fix possible UAF in macvlan_forward_source()

Add RCU protection on (struct macvlan_source_entry)->vlan.

Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts.

This allows macvlan_forward_source() to skip over entries queued for freeing.

Note that macvlan_dev are already RCU protected, as they are embedded in a standard netdev (netdev_priv(ndev)).

https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u

Affected Software

VendorProductVersion RangeStatus
LinuxLinux79cf79abce71eb7dbc40e2f3121048ca5405cb47 < 8133e85b8a3ec9f10d861e0002ec6037256e987eaffected
LinuxLinux79cf79abce71eb7dbc40e2f3121048ca5405cb47 < 484919832e2db6ce1e8add92c469e5d459a516b5affected
LinuxLinux79cf79abce71eb7dbc40e2f3121048ca5405cb47 < 232afc74a6dde0fe1830988e5827921f5ec9bb3faffected
LinuxLinux79cf79abce71eb7dbc40e2f3121048ca5405cb47 < 15f6faf36e162532bec5cc05eb3fc622108bf2edaffected
LinuxLinux79cf79abce71eb7dbc40e2f3121048ca5405cb47 < 8518712a2ca952d6da2238c6f0a16b4ae5ea3f13affected
LinuxLinux79cf79abce71eb7dbc40e2f3121048ca5405cb47 < 6dbead9c7677186f22b7981dd085a0feec1f038eaffected
LinuxLinux79cf79abce71eb7dbc40e2f3121048ca5405cb47 < 7470a7a63dc162f07c26dbf960e41ee1e248d80eaffected
LinuxLinux3.18affected
LinuxLinux0 < 3.18unaffected
LinuxLinux5.10.249 <= 5.10.*unaffected
LinuxLinux5.15.199 <= 5.15.*unaffected
LinuxLinux6.1.162 <= 6.1.*unaffected
LinuxLinux6.6.122 <= 6.6.*unaffected
LinuxLinux6.12.67 <= 6.12.*unaffected
LinuxLinux6.18.7 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References