CVE-2026-23459
Analyzed Analyzed - Analysis Complete
Race Condition in Linux Kernel ip_tunnel Causes System Freeze

Publication date: 2026-04-03

Last updated on: 2026-05-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS Blamed commits forgot that vxlan/geneve use udp_tunnel[6]_xmit_skb() which call iptunnel_xmit_stats(). iptunnel_xmit_stats() was assuming tunnels were only using NETDEV_PCPU_STAT_TSTATS. @syncp offset in pcpu_sw_netstats and pcpu_dstats is different. 32bit kernels would either have corruptions or freezes if the syncp sequence was overwritten. This patch also moves pcpu_stat_type closer to dev->{t,d}stats to avoid a potential cache line miss since iptunnel_xmit_stats() needs to read it.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-04-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23459
EUVD
EUVD-2026-18718
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.14 (inc) to 6.19.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's IP tunnel code, specifically in the function iptunnel_xmit_stats(). The function was originally designed assuming that tunnels only used NETDEV_PCPU_STAT_TSTATS, but it did not account for vxlan and geneve tunnels that use udp_tunnel[6]_xmit_skb(), which also calls iptunnel_xmit_stats().

Because of differences in how synchronization primitives (@syncp) offset the per-CPU software network statistics (pcpu_sw_netstats) and per-CPU device statistics (pcpu_dstats), 32-bit kernels could experience data corruption or system freezes if the synchronization sequence was overwritten.

The patch that fixed this issue also improved performance by moving the pcpu_stat_type closer to the device's stats to avoid potential cache line misses.

Impact Analysis

This vulnerability can cause data corruption or system freezes on 32-bit Linux kernels when using certain network tunnels like vxlan or geneve. This can lead to instability or crashes in systems relying on these tunneling protocols.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23459. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart