CVE-2026-23001 — Use After Free in Linux
Severity
7.8 HIGH (NVD)
EPSS
0.0%
top 98.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 25
Latest update: Apr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
macvlan: fix possible UAF in macvlan_forward_source()
Add RCU protection on (struct macvlan_source_entry)->vlan.
Whenever macvlan_hash_del_source() is called, we must clear
entry->vlan pointer before RCU grace period starts.
This allows macvlan_forward_source() to skip over
entries queued for freeing.
Note that macvlan_dev are already RCU protected, as they
are embedded in a standard netdev (netdev_priv(ndev)).
https: //lo…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 13 packages
CVEListV5: linux/linux 79cf79abce71eb7dbc40e2f3121048ca5405cb47 — 8133e85b8a3ec9f10d861e0002ec6037256e987e (+7)
Vulnerability Details (3)
OSV
CVE-2026-23001: In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struc… (2026-01-25)
GHSA
GHSA-vgc7-m4r9-xw45: In the Linux kernel, the following vulnerability has been resolved:
macvlan: fix possible UAF in macvlan_forward_source()
Add RCU protection on (str… (2026-01-25)