CVE-2026-23448Improper Validation of Specified Index, Position, or Offset in Input in Linux

CWE-1285Improper Validation of Specified Index, Position, or Offset in Input6 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 93.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check cdc_ncm_rx_verify_ndp16() validates that the NDP header and its DPE entries fit within the skb. The first check correctly accounts for ndpoffset: if ((ndpoffset + sizeof(struct usb_cdc_ncm_ndp16)) > skb_in->len) but the second check omits it: if ((sizeof(struct usb_cdc_ncm_ndp16) + ret * (sizeof(struct usb_cdc_ncm_dpe16))) > skb_in->len) This validates the DPE

Affected Packages3 packages

Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linuxff06ab13a4ccae4acb44a2d4e3ece367b616ab50f1c7701d3ac91b62d672c13690cf295821f0d5c3+5
debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

2
OSV
CVE-2026-23448: In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check cdc_ncm_rx_verify_n2026-04-03
GHSA
GHSA-pjhh-88pp-3hg6: In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check cdc_ncm_rx_verify2026-04-03

📋Vendor Advisories

2
Red Hat
kernel: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check2026-04-03
Debian
CVE-2026-23448: linux - In the Linux kernel, the following vulnerability has been resolved: net: usb: c...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23448 Impact, Exploitability, and Mitigation Steps | Wiz