Zero Day MonitorZDM

← Back to list

—

CVE-2026-23416EXPLOITEDPATCHED

linux · linux kernel

mm/mseal: update VMA end correctly on merge

Description

A vulnerability has been found in Linux Kernel up to 6.18.20/6.19.10/7.0-rc5 and classified as critical. Affected by this issue is the function vma_modify_flags. Performing a manipulation results in excessive iteration. This vulnerability is identified as CVE-2026-23416. The attack can only be performed from the local network. The affected component should be upgraded.

Affected Products

Vendor	Product	Versions
linux	linux kernel	6c2da14ae1e0a0146587381594559027bd46c059, 6c2da14ae1e0a0146587381594559027bd46c059, 6c2da14ae1e0a0146587381594559027bd46c059, 6.17, 6.18.20, 6.19.10, 7.0-rc5

References

Related News (1 articles)

Tier C

VulDB2h ago

CVE-2026-23416 | Linux Kernel up to 6.18.20/6.19.10/7.0-rc5 vma_modify_flags iteration

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

40b3f4700e5535fbe74738cebb9379a40ec66bed83737e34b83a23b2a9bcf586b058b2c2a54c7c6b2697dd8ae721db4f6a53d4f4cbd438212a80f8dc06.18.216.19.117.0-rc6

PublishedApr 2, 2026

Last enriched2h agov2

Trending Score49

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-23413EXP

clsact: Fix use-after-free in init/destroy rollback asymmetry

CRITICALCVE-2026-23417EXP

bpf: Fix constant blinding for PROBE_MEM32 stores

MEDIUMCVE-2026-22977

In the Linux kernel, the following vulnerability has been resolved: net: sock: fix hardened usercopy panic in sock_recv_errqueue skbuff_fclone_cache was created without defining a usercopy region, [

CRITICALCVE-2026-23414

tls: Purge async_hold in tls_decrypt_async_wait()

CRITICALCVE-2026-23412

netfilter: bpf: defer hook memory release until rcu readers are done

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 2, 2026

Actively Exploited

Apr 2, 2026

Patch Available

Apr 2, 2026

Discovered by ZDM

Apr 2, 2026

Updated: description, affectedVersions, severity, activelyExploited

Apr 2, 2026

Version History

v2

Last enriched 2h ago

v2Tier C2h ago

Updated description with critical vulnerability details, affected versions, and severity changed to CRITICAL.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v12h ago

Initial creation