#VU124458 Out-of-bounds write in Linux kernel - CVE-2026-23386

 


Published: March 25, 2026


Vulnerability identifier: #VU124458
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23386
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a boundary error in the gve_tx_clean_pending_packets() function in the Google Virtual Ethernet (gve) driver when handling packet transmission cleanup in DQ-QPL mode. A local user can trigger improper buffer cleanup by causing the transmission path to fail, leading to out-of-bounds memory access and system crash.

The issue arises because the function incorrectly uses the RDA buffer cleanup path in QPL mode, resulting in accessing memory beyond the bounds of the dma array, which shares storage with tx_qpl_buf_ids. This can be triggered during normal operation under specific error conditions.
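The shared-storage problem described above, as an added example that is not the kernel's code: a simplified model of one pending-packet record whose RDA and QPL views overlay the same bytes, with the count of entries an RDA-style walk would pass beyond dma[] next to a cleanup that selects the view by mode. The struct layout, the slot counts and every name here are assumptions made for illustration, including the assumption that a QPL packet can hold more entries than dma[] has slots.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sizes for this model; not the gve driver's real constants. */
#define DMA_SLOTS      4   /* entries valid when the RDA view is active */
#define QPL_BUF_SLOTS 16   /* entries valid when the QPL view is active */
enum tx_mode { MODE_RDA, MODE_QPL };

/* Hypothetical pending-packet record: both views overlay the same 32 bytes. */
struct pending_pkt {
    union {
        uint64_t dma[DMA_SLOTS];              /* RDA: per-buffer DMA address */
        int16_t  qpl_buf_ids[QPL_BUF_SLOTS];  /* QPL: per-buffer index */
    };
    uint16_t num_bufs;                        /* count in the active view's units */
};

/* Models the flawed shape: treat every packet as RDA and walk dma[].
 * Only counts the indices that fall past dma[]; it never dereferences them. */
size_t rda_walk_oob_count(const struct pending_pkt *p)
{
    return p->num_bufs > DMA_SLOTS ? (size_t)(p->num_bufs - DMA_SLOTS) : 0;
}

/* Mode-aware cleanup: select the view by mode and bound the count by that
 * view's capacity. Returns entries released, or -1 on an inconsistent count. */
int cleanup_pending(struct pending_pkt *p, enum tx_mode mode)
{
    size_t cap = (mode == MODE_QPL) ? QPL_BUF_SLOTS : DMA_SLOTS;
    int released = 0;
    if (p->num_bufs > cap)
        return -1;
    for (size_t i = 0; i < p->num_bufs; i++, released++) {
        if (mode == MODE_QPL)
            p->qpl_buf_ids[i] = -1;   /* stand-in for returning a QPL buffer */
        else
            p->dma[i] = 0;            /* stand-in for unmapping a DMA address */
    }
    p->num_bufs = 0;
    return released;
}

int main(void)
{
    struct pending_pkt p = { .num_bufs = 10 };  /* constructed QPL packet */
    size_t oob = rda_walk_oob_count(&p);
    printf("past dma[]: %zu, released: %d\n", oob, cleanup_pending(&p, MODE_QPL));
    return 0;
}
```

In this model the count is only meaningful together with the mode, so the capacity check fails closed when the two disagree.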


Remediation

Install the security update from the vendor's repository.

External links