CVE-2026-23048
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
udp: call skb_orphan() before skb_attempt_defer_free()
Standard UDP receive path does not use skb->destructor.
But skmsg layer does use it, since it calls skb_set_owner_sk_safe() from udp_read_skb().
This then triggers this warning in skb_attempt_defer_free():
DEBUG_NET_WARN_ON_ONCE(skb->destructor);
We must call skb_orphan() to fix this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 6471658dc66c670580a7616e75f51b52917e7883 < 0c63d5683eae6a7b4d81382bcbecb2a19feff90d | affected |
| Linux | Linux | 6471658dc66c670580a7616e75f51b52917e7883 < e5c8eda39a9fc1547d1398d707aa06c1d080abdd | affected |
| Linux | Linux | 6.18 | affected |
| Linux | Linux | 0 < 6.18 | unaffected |
| Linux | Linux | 6.18.6 <= 6.18.* | unaffected |
| Linux | Linux | 6.19 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/0c63d5683eae6a7b4d81382bcbecb2a19feff90d
- https://git.kernel.org/stable/c/e5c8eda39a9fc1547d1398d707aa06c1d080abdd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.