CVE-2026-23459

HIGH

ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS Blamed commits forgot that vxlan/geneve use udp_tunnel[6]_xmit_skb() which call iptunnel_xmit_stats(). iptunnel_xmit_stats() was assuming tunnels were only using NETDEV_PCPU_STAT_TSTATS. @syncp offset in pcpu_sw_netstats and pcpu_dstats is different. 32bit kernels would either have corruptions or freezes if the syncp sequence was overwritten. This patch also moves pcpu_stat_type closer to dev->{t,d}stats to avoid a potential cache line miss since iptunnel_xmit_stats() needs to read it.

References (2)

Core 2

Core References

https://git.kernel.org/stable/c/0d087d00161f562d5047cc4009bb0c6a19daf9f1

https://git.kernel.org/stable/c/8431c602f551549f082bbfa67f3003f2d8e3e132

Scores

CVSS v3 8.2

EPSS 0.0006

EPSS Percentile 17.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Details

Status published

Products (7)

Linux/Linux < 6.14

Linux/Linux 6.14

Linux/Linux 6.19.10 - 6.19.*

Linux/Linux 7.0

Linux/Linux 7.0-rc5

Linux/Linux be226352e8dc77d3313c096b2d8e7f69bf6980fc - 0d087d00161f562d5047cc4009bb0c6a19daf9f1

Linux/Linux be226352e8dc77d3313c096b2d8e7f69bf6980fc - 8431c602f551549f082bbfa67f3003f2d8e3e132

Published Apr 03, 2026

Tracked Since Apr 03, 2026