CVE-2026-23383 — Incorrect Pointer Scaling in Linux
Severity
7.8HIGHNVD
EPSS
0.0%
top 97.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
struct bpf_plt contains a u64 target field. Currently, the BPF JIT
allocator requests an alignment of 4 bytes (sizeof(u32)) for the JIT
buffer.
Because the base address of the JIT buffer can be 4-byte aligned (e.g.,
ending in 0x4 or 0xc), the relative padding logic in build_plt() fails
to ensure that target lands on an 8-byte boundary.
This leads to …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages5 packages
▶CVEListV5linux/linuxb2ad54e1533e91449cb2a371e034942bd7882b58 — 80ad264da02cc4aee718e799c2b79f0f834673dc+4
🔴Vulnerability Details
4GHSA▶
GHSA-887m-4qrh-hjq5: In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
stru↗2026-03-25
OSV▶
CVE-2026-23383: In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing struct↗2026-03-25
📋Vendor Advisories
3Red Hat
▶
Debian▶
CVE-2026-23383: linux - In the Linux kernel, the following vulnerability has been resolved: bpf, arm64:...↗2026