#VU124454 Unchecked Error Condition in Linux kernel - CVE-2026-23383
Published: March 25, 2026
Linux kernel
Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper memory alignment in the BPF JIT compiler when handling 64-bit atomic operations on arm64. A local user can trigger execution of a specially crafted BPF program to cause a torn read of a 64-bit jump target, leading to control flow hijacking and arbitrary code execution.
Exploitation requires the ability to load and execute BPF programs, which is typically available to unprivileged users in modern Linux distributions with CONFIG_BPF_JIT enabled.
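The preconditions named above (arm64, BPF JIT active, BPF loading open to unprivileged users) can be triaged per host with the sketch below. It is an added example, not part of the advisory: the function names are hypothetical, and it reads only the standard `net.core.bpf_jit_enable` and `kernel.unprivileged_bpf_disabled` sysctls. It does not determine patch status, since the advisory lists no fixed versions.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host's exposure to the
# preconditions the description names. Helper names are hypothetical.

# bpf_jit_exposure ARCH JIT UNPRIV -> prints one assessment line
#   ARCH   : output of `uname -m`
#   JIT    : net.core.bpf_jit_enable (0 = off, 1 = on, 2 = on with debug)
#   UNPRIV : kernel.unprivileged_bpf_disabled (0 = allowed, 1 or 2 = disabled)
bpf_jit_exposure() {
    arch=$1
    jit=$2
    unpriv=$3

    # The advisory describes the arm64 JIT only.
    case $arch in
        aarch64|arm64) ;;
        *) echo "not-applicable: arch $arch is not arm64"; return 0 ;;
    esac

    # With the JIT off, programs run in the interpreter, not JITed code.
    case $jit in
        0) echo "reduced: BPF JIT disabled"; return 0 ;;
        1|2) ;;
        *) echo "unknown: cannot read net.core.bpf_jit_enable"; return 0 ;;
    esac

    case $unpriv in
        0) echo "exposed: JIT on, unprivileged BPF loading allowed" ;;
        1|2) echo "restricted: JIT on, loading needs CAP_BPF or CAP_SYS_ADMIN" ;;
        *) echo "unknown: cannot read kernel.unprivileged_bpf_disabled" ;;
    esac
}

# Read a sysctl via /proc; fall back to "unknown" if absent or unreadable.
read_sysctl() {
    cat "/proc/sys/$1" 2>/dev/null || echo unknown
}

# Assess the local host.
bpf_jit_exposure "$(uname -m)" \
    "$(read_sysctl net/core/bpf_jit_enable)" \
    "$(read_sysctl kernel/unprivileged_bpf_disabled)"
```

A result of `restricted` still leaves the issue reachable by processes that hold `CAP_BPF` or `CAP_SYS_ADMIN`, including containers granted those capabilities.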