Security News

Cybersecurity news aggregator

🔓
HIGH Vulnerabilities NIST NVD

CVE-2026-23001: In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in ma...

cve-2026-23001linux-kernelmacvlanuse-after-free
A use-after-free vulnerability has been resolved in the Linux kernel's macvlan implementation. The vulnerability, identified as CVE-2026-23001, exists in the macvlan_forward_source() function and can be triggered due to missing RCU protection, potentially leading to code execution or denial of service.
Read Full Article →

In the Linux kernel, the following vulnerability has been resolved:

macvlan: fix possible UAF in macvlan_forward_source()

Add RCU protection on (struct macvlan_source_entry)->vlan.

Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts.

This allows macvlan_forward_source() to skip over entries queued for freeing.

Note that macvlan_dev are already RCU protected, as they are embedded in a standard netdev (netdev_priv(ndev)).

https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u

Related Articles

HIGH CVE-2025-71162: In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-... NIST NVD MEDIUM CVE-2026-22999: In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free... NIST NVD HIGH CVE-2026-23004: In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_... NIST NVD HIGH CVE-2026-23010: In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in ine... NIST NVD
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn