7.8
CVE-2026-23001
- EPSS 0.19%
- Veröffentlicht 25.01.2026 14:36:15
- Zuletzt bearbeitet 27.04.2026 14:16:28
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
macvlan: fix possible UAF in macvlan_forward_source()
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts. This allows macvlan_forward_source() to skip over entries queued for freeing. Note that macvlan_dev are already RCU protected, as they are embedded in a standard netdev (netdev_priv(ndev)). https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.18.1 < 5.10.249
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.199
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.162
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.122
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.67
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.7
Linux ≫ Linux Kernel Version3.18 Update-
Linux ≫ Linux Kernel Version6.19 Updaterc1
Linux ≫ Linux Kernel Version6.19 Updaterc2
Linux ≫ Linux Kernel Version6.19 Updaterc3
Linux ≫ Linux Kernel Version6.19 Updaterc4
Linux ≫ Linux Kernel Version6.19 Updaterc5
Linux ≫ Linux Kernel Version6.19 Updaterc6
Linux ≫ Linux Kernel Version6.19 Updaterc7
Linux ≫ Linux Kernel Version6.19 Updaterc8
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.084 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/8518712a2ca952d6da2238c6f0a16b4ae5ea3f13
https://git.kernel.org/stable/c/6dbead9c7677186f22b7981dd085a0feec1f038e
https://git.kernel.org/stable/c/7470a7a63dc162f07c26dbf960e41ee1e248d80e
https://git.kernel.org/stable/c/15f6faf36e162532bec5cc05eb3fc622108bf2ed
https://git.kernel.org/stable/c/232afc74a6dde0fe1830988e5827921f5ec9bb3f
https://git.kernel.org/stable/c/484919832e2db6ce1e8add92c469e5d459a516b5
https://git.kernel.org/stable/c/8133e85b8a3ec9f10d861e0002ec6037256e987e