CVE-2026-23377Incorrect Calculation of Buffer Size in Linux

CWE-131Incorrect Calculation of Buffer Size8 documents7 sources
Severity
7.1HIGH
No vector
EPSS
0.0%
top 93.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz The only user of frag_size field in XDP RxQ info is bpf_xdp_frags_increase_tail(). It clearly expects whole buff size instead of DMA write size. Different assumptions in ice driver configuration lead to negative tailroom. This allows to trigger kernel panic, when using XDP_ADJUST_TAIL_GROW_MULTI_BUFF xskxceiver test and changing packet size to 6912 and the re

Affected Packages5 packages

Linuxlinux/linux_kernel6.3.06.19.7
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux2fba7dc5157b6f85dbf1b8e26e63a724db1f3d79b0f05100e8795aadd1c0606bae9caefbda070d63+2
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2026-23377: In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ frag_size from DMA write length to xdp2026-03-25
GHSA
GHSA-r46f-q3f8-wrrg: In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ frag_size from DMA write length to xdp2026-03-25
OSV
ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz2026-03-25
Microsoft
ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz2026-03-10
Debian
CVE-2026-23377: linux - In the Linux kernel, the following vulnerability has been resolved: ice: change...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23377 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23377 — Incorrect Calculation of Buffer Size | cvebase