CVE-2026-23459

EPSS 0.06%
Veröffentlicht 03.04.2026 15:15:39
Zuletzt bearbeitet 27.04.2026 14:16:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS

In the Linux kernel, the following vulnerability has been resolved:

ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS

Blamed commits forgot that vxlan/geneve use udp_tunnel[6]_xmit_skb() which
call iptunnel_xmit_stats().

iptunnel_xmit_stats() was assuming tunnels were only using
NETDEV_PCPU_STAT_TSTATS.

@syncp offset in pcpu_sw_netstats and pcpu_dstats is different.

32bit kernels would either have corruptions or freezes if the syncp
sequence was overwritten.

This patch also moves pcpu_stat_type closer to dev->{t,d}stats to avoid
a potential cache line miss since iptunnel_xmit_stats() needs to read it.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 5

CNA 2 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version be226352e8dc77d3313c096b2d8e7f69bf6980fc

Version < 0d087d00161f562d5047cc4009bb0c6a19daf9f1

Status affected

Version be226352e8dc77d3313c096b2d8e7f69bf6980fc

Version < 8431c602f551549f082bbfa67f3003f2d8e3e132

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.14

Status affected

Version 0

Version < 6.14

Status unaffected

Version <= 6.19.*

Version 6.19.10

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.176

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/0d087d00161f562d5047cc4009bb0c6a19daf9f1

https://git.kernel.org/stable/c/8431c602f551549f082bbfa67f3003f2d8e3e132

https://nvd.nist.gov/vuln/detail/CVE-2026-23459

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23459

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23459

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23459