{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23001", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.938Z", "datePublished": "2026-01-25T14:36:15.790Z", "dateUpdated": "2026-05-11T21:58:05.192Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:58:05.192Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: fix possible UAF in macvlan_forward_source()\n\nAdd RCU protection on (struct macvlan_source_entry)->vlan.\n\nWhenever macvlan_hash_del_source() is called, we must clear\nentry->vlan pointer before RCU grace period starts.\n\nThis allows macvlan_forward_source() to skip over\nentries queued for freeing.\n\nNote that macvlan_dev are already RCU protected, as they\nare embedded in a standard netdev (netdev_priv(ndev)).\n\nhttps: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/macvlan.c"], "versions": [{"version": "79cf79abce71eb7dbc40e2f3121048ca5405cb47", "lessThan": "8133e85b8a3ec9f10d861e0002ec6037256e987e", "status": "affected", "versionType": "git"}, {"version": "79cf79abce71eb7dbc40e2f3121048ca5405cb47", "lessThan": "484919832e2db6ce1e8add92c469e5d459a516b5", "status": "affected", "versionType": "git"}, {"version": "79cf79abce71eb7dbc40e2f3121048ca5405cb47", "lessThan": "232afc74a6dde0fe1830988e5827921f5ec9bb3f", "status": "affected", "versionType": "git"}, {"version": "79cf79abce71eb7dbc40e2f3121048ca5405cb47", "lessThan": "15f6faf36e162532bec5cc05eb3fc622108bf2ed", "status": "affected", "versionType": "git"}, {"version": "79cf79abce71eb7dbc40e2f3121048ca5405cb47", "lessThan": "8518712a2ca952d6da2238c6f0a16b4ae5ea3f13", "status": "affected", "versionType": "git"}, {"version": "79cf79abce71eb7dbc40e2f3121048ca5405cb47", "lessThan": "6dbead9c7677186f22b7981dd085a0feec1f038e", "status": "affected", "versionType": "git"}, {"version": "79cf79abce71eb7dbc40e2f3121048ca5405cb47", "lessThan": "7470a7a63dc162f07c26dbf960e41ee1e248d80e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/macvlan.c"], "versions": [{"version": "3.18", "status": "affected"}, {"version": "0", "lessThan": "3.18", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.249", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.199", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.67", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.7", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "5.10.249"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "5.15.199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.12.67"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.18.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8133e85b8a3ec9f10d861e0002ec6037256e987e"}, {"url": "https://git.kernel.org/stable/c/484919832e2db6ce1e8add92c469e5d459a516b5"}, {"url": "https://git.kernel.org/stable/c/232afc74a6dde0fe1830988e5827921f5ec9bb3f"}, {"url": "https://git.kernel.org/stable/c/15f6faf36e162532bec5cc05eb3fc622108bf2ed"}, {"url": "https://git.kernel.org/stable/c/8518712a2ca952d6da2238c6f0a16b4ae5ea3f13"}, {"url": "https://git.kernel.org/stable/c/6dbead9c7677186f22b7981dd085a0feec1f038e"}, {"url": "https://git.kernel.org/stable/c/7470a7a63dc162f07c26dbf960e41ee1e248d80e"}], "title": "macvlan: fix possible UAF in macvlan_forward_source()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "29FC5F95-33A0-4CB2-98EB-8ED88B5DB098", "versionEndExcluding": "5.10.249", "versionStartIncluding": "3.18.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A247FBA6-BEB9-484F-B892-DD5517949CCD", "versionEndExcluding": "5.15.199", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6579E0D4-0641-479D-A4C3-0EF618798C55", "versionEndExcluding": "6.1.162", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F", "versionEndExcluding": "6.6.122", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7456F614-6AA8-4C08-8229-BA342D4AFBAD", "versionEndExcluding": "6.12.67", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "99FF3E05-0E7A-44E9-8E47-BF6F1F8EC436", "versionEndExcluding": "6.18.7", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.18:-:*:*:*:*:*:*", "matchCriteriaId": "2C941823-DB24-432E-8F78-90665662756A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*", "matchCriteriaId": "F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*", "matchCriteriaId": "EB5B7DFC-C36B-45D8-922C-877569FDDF43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: fix possible UAF in macvlan_forward_source()\n\nAdd RCU protection on (struct macvlan_source_entry)->vlan.\n\nWhenever macvlan_hash_del_source() is called, we must clear\nentry->vlan pointer before RCU grace period starts.\n\nThis allows macvlan_forward_source() to skip over\nentries queued for freeing.\n\nNote that macvlan_dev are already RCU protected, as they\nare embedded in a standard netdev (netdev_priv(ndev)).\n\nhttps: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u"}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nmacvlan: soluciona posible UAF en macvlan_forward_source()\n\nA\u00f1ade protecci\u00f3n RCU en (struct macvlan_source_entry)->vlan.\n\nSiempre que se llama a macvlan_hash_del_source(), debemos borrar el puntero entry->vlan antes de que comience el per\u00edodo de gracia de RCU.\n\nEsto permite a macvlan_forward_source() omitir entradas en cola para ser liberadas.\n\nTenga en cuenta que macvlan_dev ya est\u00e1n protegidos por RCU, ya que est\u00e1n incrustados en un netdev est\u00e1ndar (netdev_priv(ndev)).\n\nhttps: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u"}], "id": "CVE-2026-23001", "lastModified": "2026-04-27T14:16:28.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-25T15:15:54.970", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/15f6faf36e162532bec5cc05eb3fc622108bf2ed"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/232afc74a6dde0fe1830988e5827921f5ec9bb3f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/484919832e2db6ce1e8add92c469e5d459a516b5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6dbead9c7677186f22b7981dd085a0feec1f038e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7470a7a63dc162f07c26dbf960e41ee1e248d80e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8133e85b8a3ec9f10d861e0002ec6037256e987e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8518712a2ca952d6da2238c6f0a16b4ae5ea3f13"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: macvlan: fix possible UAF in macvlan_forward_source()", "id": "2432664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432664"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-23001", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23001\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23001\nhttps://lore.kernel.org/linux-cve-announce/2026012534-CVE-2026-23001-7ab0@gregkh/T"], "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-18T02:53:20.207150+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that contains the UAF fix, such as kernel 6.19 rc8 or later stable releases.", "For systems that cannot be upgraded immediately, verify that the patch commit 15f6faf36e162532bec5cc05eb3fc622108bf2ed has been applied to your kernel source and rebuild.", "As a temporary measure, disable macvlan interfaces or restrict traffic that triggers macvlan_forward_source() until a patched kernel is deployed."], "summary": {"action": "Immediate Patch", "impact": "Local Privilege Escalation via Kernel Use-After-Free"}, "threat_synthesis": {"affected_systems": "Affected products are Linux kernel releases that incorporate the macvlan code path, notably kernel 3.18 and the 6.19 release candidates from rc1 through rc8. The CPE list also references the generic Linux kernel family, implying any kernel version lacking the applied patch is susceptible. Systems running one of these kernels without the fix remain vulnerable.", "description_and_impact": "The vulnerability occurs in the Linux kernel\u2019s macvlan subsystem. A use\u2011after\u2011free condition within macvlan_forward_source() allows an attacker to manipulate the VLAN pointer during a deletion sequence. If successful, the kernel may execute code in an uncontrolled context, potentially granting the attacker kernel\u2011level privileges. This flaw is linked to CWE\u2011416 and carries a CVSS score of 7.8. The description indicates that the issue was resolved by adding RCU protection and clearing the pointer before the grace period starts, preventing stale references.", "risk_and_exploitability": "The CVSS base score of 7.8 indicates high severity, but the EPSS score of less than 1% suggests a currently low likelihood of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog, indicating that no widespread or confirmed attacks have been reported yet. Attackers would need to trigger a packet processing path that deletes a macvlan source entry while an attacker controls the associated VLAN pointer, implying local or possibly remote code execution if the attacker can manipulate traffic directed to the kernel."}}}}, "created": "2026-04-18T03:00:10.328494+00:00", "updated": "2026-04-18T03:00:10.328505+00:00", "vendors": []}