Zero Day MonitorZDM

← Back to list

7.8

CVE-2026-23001PATCHED

linux · linux_kernel

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan

Description

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts. This allows macvlan_forward_source() to skip over entries queued for freeing. Note that macvlan_dev are already RCU protected, as they are embedded in a standard netdev (netdev_priv(ndev)). https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u

Affected Products

Vendor	Product	Versions
linux	linux_kernel	< 5.10.249, < 5.15.199, < 6.1.162, < 6.6.122, < 6.12.67, < 6.18.7

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
amazon	amazon linux	cert_advisory	90%
canonical	ubuntu linux	cert_advisory	90%
debian	debian linux	cert_advisory	90%
ibm	ibm qradar siem	cert_advisory	90%
open source	open source linux kernel	cert_advisory	90%

References

Related News (6 articles)

Tier B

CERT-FR17h ago

Multiples vulnérabilités dans le noyau Linux d'Ubuntu (10 avril 2026)

→ No new info (linked only)

Tier B

CERT-FR17h ago

Multiples vulnérabilités dans le noyau Linux de Red Hat (10 avril 2026)

→ No new info (linked only)

Tier B

CERT-FR7d ago

Multiples vulnérabilités dans le noyau Linux de SUSE (03 avril 2026)

→ No new info (linked only)

Tier B

CERT-FR7d ago

Multiples vulnérabilités dans le noyau Linux de Red Hat (03 avril 2026)

→ No new info (linked only)

Tier B

BSI Advisories8d ago

[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR14d ago

Multiples vulnérabilités dans le noyau Linux de SUSE (27 mars 2026)

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

5.10.2495.15.1996.1.1626.6.1226.12.676.18.7

CWECWE-416

PublishedJan 25, 2026

Last enriched8d ago

Trending Score39

Source articles6

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-23406EXP

apparmor: fix side-effect bug in match_char() macro usage

HIGHCVE-2026-23400EXP

In the Linux kernel, the following vulnerability has been resolved: rust_binder: call set_notification_done() without proc lock Consider the following sequence of events on a death listener: 1. The

HIGHCVE-2026-31412EXP

usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks()

HIGHCVE-2026-23398EXP

In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmp_tag_validation() icmp_tag_validation() unconditionally dereferences the result of rcu_d

HIGHCVE-2025-71075

In the Linux kernel, the following vulnerability has been resolved: scsi: aic94xx: fix use-after-free in device removal path The asd_pci_remove() function fails to synchronize with pending tasklets

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Jan 25, 2026

Patch Available

Mar 25, 2026

Discovered by ZDM

Apr 1, 2026