CVE-2026-23359 — Out-of-bounds Write in Linux

CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 90.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stack-out-of-bounds write in devmap get_upper_ifindexes() iterates over all upper devices and writes their indices into an array without checking bounds. Also the callers assume that the max number of upper devices is MAX_NEST_DEV and allocate excluded_devices[1+MAX_NEST_DEV] on the stack, but that assumption is not correct and the number of upper devices could be larger than MAX_NEST_DEV (e.g., many macvlans), causi…

Affected Packages5 packages

▶Linuxlinux/linux_kernel5.15.0 — 6.1.167+4

▶Debianlinux/linux_kernel< 6.19.8-1

▶msrcmsrc/azl3_kernel_6.6.126.1-1_on_azure_linux_3.0

▶CVEListV5linux/linuxaeea1b86f9363f3feabb496534d886f082a89f21 — 5000e40acc8d0c36ab709662e32120986ac22e7e+6

▶debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

OSV

CVE-2026-23359: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stack-out-of-bounds write in devmap get_upper_ifindexes() iterates over a↗2026-03-25

▶

GHSA

GHSA-5m94-46x3-f942: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stack-out-of-bounds write in devmap get_upper_ifindexes() iterates over↗2026-03-25

▶

OSV

bpf: Fix stack-out-of-bounds write in devmap↗2026-03-25

▶

📋Vendor Advisories

Red Hat

kernel: bpf: Fix stack-out-of-bounds write in devmap↗2026-03-25

▶

Microsoft

bpf: Fix stack-out-of-bounds write in devmap↗2026-03-10

▶

Debian

CVE-2026-23359: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix st...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23359 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶