CVE-2026-23001
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-25

Last updated on: 2026-04-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts. This allows macvlan_forward_source() to skip over entries queued for freeing. Note that macvlan_dev are already RCU protected, as they are embedded in a standard netdev (netdev_priv(ndev)). https: //lore.kernel.org/netdev/[email protected]/T/#u
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-25
Last Modified
2026-04-27
Generated
2026-05-07
AI Q&A
2026-01-25
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23001
Affected Vendors & Products
Showing 15 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.13 (inc) to 6.18.7 (exc)
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 5.11 (inc) to 5.15.199 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.162 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.122 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.67 (exc)
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 3.18
linux linux_kernel From 3.18.1 (inc) to 5.10.249 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a use-after-free (UAF) issue in the Linux kernel's macvlan component, specifically in the macvlan_forward_source() function. It occurs because the vlan pointer in the macvlan_source_entry structure is not properly cleared before the RCU (Read-Copy-Update) grace period starts when macvlan_hash_del_source() is called. This can cause macvlan_forward_source() to access entries that are queued for freeing, potentially leading to undefined behavior or crashes. The fix involves adding RCU protection to the vlan pointer to prevent this issue.


How can this vulnerability impact me? :

This vulnerability can lead to use-after-free conditions in the Linux kernel's macvlan networking code, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or cause denial of service by exploiting the improper handling of freed memory.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart