CVE-2026-23262: Incorrect Calculation of Buffer Size in Linux

Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 90.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Mar 18

Description

In the Linux kernel, the following vulnerability has been resolved:

gve: Fix stats report corruption on queue count change

The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based on the total size of the stats region and the size of the NIC's stats. When the number of queues is changed, the driver's stats region is resized. If the queue count is increased, the NIC can write past the end of the allocated stats region, causing me

Affected Packages (3 packages)

Linux: linux/linux_kernel, 5.10.0, 5.10.250, +5
Debian: linux/linux_kernel, < 5.10.251-1, +3
CVEListV5: linux/linux, 24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c, f432f7613c220db32c2c6942420daf7b3f2e7d7e, +7

🔴 Vulnerability Details (4)

CVEList: gve: Fix stats report corruption on queue count change (2026-03-18)
OSV: gve: Fix stats report corruption on queue count change (2026-03-18)
OSV: CVE-2026-23262: In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC shar (2026-03-18)
GHSA: GHSA-2rm5-c5x9-v5x4: In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC sh (2026-03-18)

📋 Vendor Advisories (2)

Red Hat: kernel: gve: Fix stats report corruption on queue count change (2026-03-18)
Debian: CVE-2026-23262: linux - In the Linux kernel, the following vulnerability has been resolved: gve: Fix st... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23262 Impact, Exploitability, and Mitigation Steps | Wiz