gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL

Description

A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.129/6.12.77/6.18.16/6.19.6/7.0-rc1. This impacts the function gve_tx_clean_pending_packets of the file drivers/net/ethernet/drivers/net/ethernet/google/gve/gve_tx_dqo.c of the component gve. The manipulation leads to improper validation of array index. This vulnerability is documented as CVE-2026-23386. The attack requires being on the local network. It is suggested to upgrade the affected component.

Affected Products

Vendor	Product	Versions
Linux	Linux	a6fb8d5a8b6925f1e635818d3dd2d89531d4a058, a6fb8d5a8b6925f1e635818d3dd2d89531d4a058, a6fb8d5a8b6925f1e635818d3dd2d89531d4a058, a6fb8d5a8b6925f1e635818d3dd2d89531d4a058, a6fb8d5a8b6925f1e635818d3dd2d89531d4a058, 6.6, 6.6.129, 6.12.77, 6.18.16, 6.19.6, 7.0-rc1

References

Related News (2 articles)

Tier C

VulDB5h ago

CVE-2026-23386 | Linux Kernel up to 6.6.129/6.12.77/6.18.16/6.19.6/7.0-rc1 gve gve_tx_dqo.c gve_tx_clean_pending_packets array index

→ No new info (linked only)

Tier C

Linux Kernel CVEs6h ago

CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Published3/25/2026

Last enriched3h agov2

Trending Score50

Source articles2

Independent2

Info Completeness6/14

Missing: cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 3h ago

v2Tier C3h ago

Updated description with critical vulnerability details, added new affected versions, and changed severity to CRITICAL.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v16h ago

Initial creation