-

CVE-2026-23262

EPSS 0.04%
Veröffentlicht 18.03.2026 17:41:08
Zuletzt bearbeitet 19.03.2026 13:25:00
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

gve: Fix stats report corruption on queue count change

In the Linux kernel, the following vulnerability has been resolved:

gve: Fix stats report corruption on queue count change

The driver and the NIC share a region in memory for stats reporting.
The NIC calculates its offset into this region based on the total size
of the stats region and the size of the NIC's stats.

When the number of queues is changed, the driver's stats region is
resized. If the queue count is increased, the NIC can write past
the end of the allocated stats region, causing memory corruption.
If the queue count is decreased, there is a gap between the driver
and NIC stats, leading to incorrect stats reporting.

This change fixes the issue by allocating stats region with maximum
size, and the offset calculation for NIC stats is changed to match
with the calculation of the NIC.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

CNA 2 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c

Version < f432f7613c220db32c2c6942420daf7b3f2e7d7e

Status affected

Version 24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c

Version < 9d93332397405b62a3300b22d04ac65d990b91ff

Status affected

Version 24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c

Version < 837c662f47dac43efa1aef2dd433c6b4b4c073af

Status affected

Version 24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c

Version < df54838ab61826ecc1a562ffa5e280c3ab7289a7

Status affected

Version 24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c

Version < 9fa0a755db3e1945fe00f73fe27d85ef6c8818b7

Status affected

Version 24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c

Version < 11f8311f69e4c361717371b4901ff92daeb76e9c

Status affected

Version 24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c

Version < 7b9ebcce0296e104a0d82a6b09d68564806158ff

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.10

Status affected

Version 0

Version < 5.10

Status unaffected

Version <= 5.10.*

Version 5.10.250

Status unaffected

Version <= 5.15.*

Version 5.15.200

Status unaffected

Version <= 6.1.*

Version 6.1.163

Status unaffected

Version <= 6.6.*

Version 6.6.124

Status unaffected

Version <= 6.12.*

Version 6.12.70

Status unaffected

Version <= 6.18.*

Version 6.18.10

Status unaffected

Version <= *

Version 6.19

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.102

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/f432f7613c220db32c2c6942420daf7b3f2e7d7e

https://git.kernel.org/stable/c/9d93332397405b62a3300b22d04ac65d990b91ff

https://git.kernel.org/stable/c/837c662f47dac43efa1aef2dd433c6b4b4c073af

https://git.kernel.org/stable/c/df54838ab61826ecc1a562ffa5e280c3ab7289a7

https://git.kernel.org/stable/c/9fa0a755db3e1945fe00f73fe27d85ef6c8818b7

https://git.kernel.org/stable/c/11f8311f69e4c361717371b4901ff92daeb76e9c

https://git.kernel.org/stable/c/7b9ebcce0296e104a0d82a6b09d68564806158ff

https://nvd.nist.gov/vuln/detail/CVE-2026-23262

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23262

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23262

EUVD