CVE-2026-23172
Severity
5.5MEDIUM
EPSS
0.0%
top 96.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 14
Latest updateApr 13
Description
In the Linux kernel, the following vulnerability has been resolved:
net: wwan: t7xx: fix potential skb->frags overflow in RX path
When receiving data in the DPMAIF RX path,
the t7xx_dpmaif_set_frag_to_skb() function adds
page fragments to an skb without checking if the number of
fragments has exceeded MAX_SKB_FRAGS. This could lead to a buffer overflow
in skb_shinfo(skb)->frags[] array, corrupting adjacent memory and
potentially causing kernel crashes or other undefined behavior.
This issue w…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5linux/linuxd642b012df70a76dd5723f2d426b40bffe83ac49 — f9747a7521a48afded5bff2faf1f2dcfff48c577+5
Patches
🔴Vulnerability Details
4VulDB▶
Linux Kernel up to 6.1.161/6.6.122/6.12.68/6.18.8 t7xx_dpmaif_set_frag_to_skb frags[] buffer overflow (Nessus ID 299343 / WID-SEC-2026-0421)↗2026-04-13
GHSA▶
GHSA-m5mw-gf4c-pwc3: In the Linux kernel, the following vulnerability has been resolved:
net: wwan: t7xx: fix potential skb->frags overflow in RX path
When receiving dat↗2026-02-14
OSV▶
CVE-2026-23172: In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: fix potential skb->frags overflow in RX path When receiving data↗2026-02-14