CVE-2026-23455
Out-of-Bounds Read in Linux Kernel netfilter nf_conntrack_h
Publication date: 2026-04-03
Last updated on: 2026-04-27
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | linux_kernel | * |
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's netfilter component, specifically in the nf_conntrack_h323 module within the DecodeQ931() function.
The issue arises because the function reads a 16-bit length value from a packet and then decrements it by 1 to skip a protocol discriminator byte. If the original length is zero, decrementing it causes an integer wrap to -1, which is interpreted as a very large positive value when passed to the decoder.
This leads to an out-of-bounds read in the decoder, which can cause unexpected behavior or crashes.
The fix involves adding a check to ensure the length remains positive after decrementing, preventing the wrap and subsequent out-of-bounds read.
How can this vulnerability impact me? :
This vulnerability can lead to an out-of-bounds read in the Linux kernel's netfilter nf_conntrack_h323 module.
Such out-of-bounds reads may cause system instability, crashes, or potentially allow attackers to read sensitive memory areas, depending on the context and exploitation.
Therefore, it could impact system reliability and security, possibly leading to denial of service or information disclosure.