CVE-2026-23354Processor Optimization Removal or Modification of Security-critical Code in Linux

CWE-1037Processor Optimization Removal or Modification of Security-critical Code8 documents7 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 93.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fred_extint() array_index_nospec() is no use if the result gets spilled to the stack, as it makes the believed safe-under-speculation value subject to memory predictions. For all practical purposes, this means array_index_nospec() must be used in the expression that accesses the array. As the code currently stands, it's the wrong side of irqentry_enter(), and 'index' is put into %ebp a

Affected Packages3 packages

Linuxlinux/linux_kernel6.9.06.12.77+2
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux14619d912b658ecd9573fb88400d3830a29cadcb3bc5887b0a2b06d2d9c22f1f4f8500490b3ae643+4

🔴Vulnerability Details

4
GHSA
GHSA-4jgp-jccm-6ppx: In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fred_extint() array_index_nospec() is no2026-03-25
CVEList
x86/fred: Correct speculative safety in fred_extint()2026-03-25
OSV
CVE-2026-23354: In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fred_extint() array_index_nospec() is no u2026-03-25
OSV
x86/fred: Correct speculative safety in fred_extint()2026-03-25

📋Vendor Advisories

2
Red Hat
kernel: x86/fred: Correct speculative safety in fred_extint()2026-03-25
Debian
CVE-2026-23354: linux - In the Linux kernel, the following vulnerability has been resolved: x86/fred: C...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23354 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23354 — Linux vulnerability | cvebase