CVE-2026-23083

8 documents, 8 sources
Severity: 7.8 HIGH
EPSS: 0.0% (top 95.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 4, latest update Apr 9

Description

In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOU_ATTR_IPPROTO. fou_udp_recv() has the same problem mentioned in the previous patch. If FOU_ATTR_IPPROTO is set to 0, skb is not freed by fou_udp_recv() nor "resubmit"-ted in ip_protocol_deliver_rcu(). Let's forbid 0 for FOU_ATTR_IPPROTO.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD | linux/linux_kernel | 3.18 | 5.10.249 | +6
CVEListV5 | linux/linux | 23461551c00628c3f3fe9cf837bf53cf8f212b63 | c7498f9bc390479ccfad7c7f2332237ff4945b03 | +7
Debian | linux | < 5.10.249-1 | +3
Debian | linux-6.1 | < 6.1.162-1~deb11u1

Patches

🔴 Vulnerability Details (3)

GHSA | GHSA-v7qx-38vp-6jx8: In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOU_ATTR_IPPROTO | 2026-02-04
CVEList | fou: Don't allow 0 for FOU_ATTR_IPPROTO. | 2026-02-04
OSV | CVE-2026-23083: In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOU_ATTR_IPPROTO | 2026-02-04

📋 Vendor Advisories (3)

Ubuntu | Linux kernel (NVIDIA Tegra) vulnerabilities | 2026-04-09
Red Hat | kernel: fou: Don't allow 0 for FOU_ATTR_IPPROTO | 2026-02-04
Debian | CVE-2026-23083: linux - In the Linux kernel, the following vulnerability has been resolved: fou: Don't ... | 2026

🕵️ Threat Intelligence (1)

Wiz | CVE-2026-23083 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23083 (HIGH CVSS 7.8) | In the Linux kernel | cvebase.io