CVE-2026-23459: Incorrect Synchronization in Linux

Severity: 5.3 MEDIUM (no vector)
EPSS: 0.0% (top 93.52%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 3

Description

In the Linux kernel, the following vulnerability has been resolved:

ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS

Blamed commits forgot that vxlan/geneve use udp_tunnel[6]_xmit_skb() which call iptunnel_xmit_stats().

iptunnel_xmit_stats() was assuming tunnels were only using NETDEV_PCPU_STAT_TSTATS.

@syncp offset in pcpu_sw_netstats and pcpu_dstats is different.

32bit kernels would either have corruptions or freezes if the syncp sequence was overwritten.

This patch also

Affected Packages (3 packages)

Debian: linux/linux_kernel < 6.19.10-1
CVEListV5: linux/linux be226352e8dc77d3313c096b2d8e7f69bf6980fc 0d087d00161f562d5047cc4009bb0c6a19daf9f1 +2
debian: debian/linux < linux 6.19.10-1 (forky)

🔴 Vulnerability Details (2)

GHSA: GHSA-gv4g-88q2-j2qq: In the Linux kernel, the following vulnerability has been resolved: ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS Blamed commits (2026-04-03)
OSV: CVE-2026-23459: In the Linux kernel, the following vulnerability has been resolved: ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS Blamed commits f (2026-04-03)

📋 Vendor Advisories (2)

Red Hat: kernel: ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS (2026-04-03)
Debian: CVE-2026-23459: linux - In the Linux kernel, the following vulnerability has been resolved: ip_tunnel: ... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23459 Impact, Exploitability, and Mitigation Steps | Wiz