CVE-2026-23316: Incorrect Pointer Scaling in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 93.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 25

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ipv4: fix ARM64 alignment fault in multipath hash seed

`struct sysctl_fib_multipath_hash_seed` contains two u32 fields (user_seed and mp_seed), making it an 8-byte structure with a 4-byte alignment requirement.

In `fib_multipath_hash_from_keys()`, the code evaluates the entire struct atomically via `READ_ONCE()`:

`mp_seed = READ_ONCE(net->ipv4.sysctl_fib_multipath_hash_seed).mp_seed;`

While this silently works on GCC by

Affected Packages (4 packages)

Linux | linux/linux_kernel | 6.11.0 | 6.12.77 | +2
Debian | linux/linux_kernel | < 6.19.8-1
CVEListV5 | linux/linux | 4ee2a8cace3fb9a34aea6a56426f89d26dd514f3 | 4bdc94d45d5459f0149085dfc1efe733c8e14f11 | +4
debian | debian/linux | < linux 6.19.8-1 (forky)

🔴 Vulnerability Details (3)

GHSA: GHSA-vcmv-6vcp-286q: In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix ARM64 alignment fault in multipath hash seed `struct sysctl_fib_m (2026-03-25)
OSV: CVE-2026-23316: In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix ARM64 alignment fault in multipath hash seed `struct sysctl_fib_mul (2026-03-25)
OSV: net: ipv4: fix ARM64 alignment fault in multipath hash seed (2026-03-25)

📋 Vendor Advisories (2)

Red Hat: kernel: net: ipv4: fix ARM64 alignment fault in multipath hash seed (2026-03-25)
Debian: CVE-2026-23316: linux - In the Linux kernel, the following vulnerability has been resolved: net: ipv4: ... 2026

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23316 Impact, Exploitability, and Mitigation Steps | Wiz