CVE-2026-23378: Classic Buffer Overflow in Linux

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 97.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 25

Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_ife: Fix metalist update behavior

Whenever an ife action replace changes the metalist, instead of replacing the old data on the metalist, the current ife code is appending the new metadata. Aside from being inappropriate behavior, this may lead to an unbounded addition of metadata to the metalist which might cause an out of bounds error when running the encode op:

[ 138.423369][ C1] ============================

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (5 packages)

Linux | linux/linux_kernel | 4.15.0 | 6.1.167 | +4
Debian | linux/linux_kernel | < 6.19.8-1
CVEListV5 | linux/linux | aa9fd9a325d51fa0b11153b03b8fefff569fa955 | 56ade7ddea6ce605552341785d08e365c3f61861 | +6
debian | debian/linux | < linux 6.19.8-1 (forky)

🔴 Vulnerability Details (3)

OSV | CVE-2026-23378: In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: Fix metalist update behavior Whenever an ife action replace ch | 2026-03-25
GHSA | GHSA-rj9j-3xqh-hv6f: In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: Fix metalist update behavior Whenever an ife action replace | 2026-03-25
OSV | net/sched: act_ife: Fix metalist update behavior | 2026-03-25

📋 Vendor Advisories (3)

Red Hat | kernel: net/sched: act_ife: Fix metalist update behavior | 2026-03-25
Microsoft | net/sched: act_ife: Fix metalist update behavior | 2026-03-10
Debian | CVE-2026-23378: linux - In the Linux kernel, the following vulnerability has been resolved: net/sched: ... | 2026

🕵️ Threat Intelligence (1)

Wiz | CVE-2026-23378 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23378 — Classic Buffer Overflow in Linux | cvebase