CVE-2026-23386: Improper Validation of Specified Index, Position, or Offset in Input in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 93.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 25

Description

In the Linux kernel, the following vulnerability has been resolved:

gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL

In DQ-QPL mode, gve_tx_clean_pending_packets() incorrectly uses the RDA buffer cleanup path. It iterates num_bufs times and attempts to unmap entries in the dma array.

This leads to two issues:

1. The dma array shares storage with tx_qpl_buf_ids (union). Interpreting buffer IDs as DMA addresses results in attempting to unmap incorrect memory locations.

Affected Packages (5 packages)

Linux: linux/linux_kernel, 6.6.0, 6.6.130 (+3)
Debian: linux/linux_kernel, < 6.19.8-1
CVEListV5: linux/linux, a6fb8d5a8b6925f1e635818d3dd2d89531d4a058, 71511dae56a75ce161aa746741e5c498feaea393 (+5)
debian: debian/linux, < linux 6.19.8-1 (forky)

Vulnerability Details (3)

OSV (2026-03-25): CVE-2026-23386: In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL In DQ-QP
GHSA (2026-03-25): GHSA-qq3v-279p-2285: In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL In DQ-
OSV (2026-03-25): gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL

Vendor Advisories (3)

Red Hat (2026-03-25): kernel: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
Microsoft (2026-03-10): gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
Debian (2026): CVE-2026-23386: linux - In the Linux kernel, the following vulnerability has been resolved: gve: fix in...

Threat Intelligence (1)

Wiz: CVE-2026-23386 Impact, Exploitability, and Mitigation Steps | Wiz