CVE-2026-23254 Linux vulnerability

8 documents, 7 sources
Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 93.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Published: Mar 18

Description

In the Linux kernel, the following vulnerability has been resolved:

net: gro: fix outer network offset

The udp GRO complete stage assumes that all the packets inserted the RX have the `encapsulation` flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading the checksum for a UDP encapsulated traffic, the tun driver can inject GSO packets with UDP encapsulation and the problematic layout can also be created via a veth based setup. Due to the above, in

Affected Packages (3 packages)

Linux | linux/linux_kernel | 6.7.0 | 6.12.70 | +2
Debian | linux/linux_kernel | < 6.12.73-1 | +1
CVEListV5 | linux/linux | af276a5ac8e938c8b058e3e124073cc1e322d98b | 9d40a85138568696387ef04cd004c64612a70874 | +5

🔴 Vulnerability Details (4)

OSV (2026-03-18): CVE-2026-23254: In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the
GHSA (2026-03-18): GHSA-wjrj-hvqv-fw2v: In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all t
OSV (2026-03-18): net: gro: fix outer network offset
CVEList (2026-03-18): net: gro: fix outer network offset

📋 Vendor Advisories (2)

Red Hat (2026-03-18): kernel: net: gro: fix outer network offset
Debian (2026): CVE-2026-23254: linux - In the Linux kernel, the following vulnerability has been resolved: net: gro: f...

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23254 Impact, Exploitability, and Mitigation Steps | Wiz