PT-2026-26578 · Linux+2 · Linux Kernel+2

Valis · Published 2026-01-01 · Updated 2026-05-22 · CVE-2026-23273

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.19.0-rc8+ #33

Description

The Linux kernel contains a flaw in the macvlan module. A race condition exists in the error path of the macvlan_common_newlink() function, potentially leading to a slab-use-after-free. This occurs when macvlan_common_newlink() makes a network device (@dev) visible before an error is detected, and its caller then directly frees the device using free_netdev(dev). Correct handling requires respecting an RCU (Read-Copy-Update) period within both macvlan and the core networking stack. Exploitation involves creating a veth pair, configuring addresses, bringing up interfaces, and adding a macvlan interface, which can trigger the vulnerability. The issue was identified through KASAN (Kernel Address Sanitizer) reports during testing.

Recommendations

Update to a newer version of the Linux kernel that contains a fix for this vulnerability.

Exploit

Fix

Related Identifiers

CVE-2026-23273
ECHO-AAB6-B6BE-9C97
OESA-2026-2416
OESA-2026-2417
OESA-2026-2418
OPENSUSE-SU-2026:20826-1
SUSE-SU-2026:2068-1
SUSE-SU-2026:2111-1
SUSE-SU-2026:21841-1
SUSE-SU-2026:21845-1
SUSE-SU-2026:21860-1
SUSE-SU-2026:2195-1
SUSE-SU-2026:2202-1
SUSE-SU-2026:2215-1
SUSE-SU-2026:2216-1
SUSE-SU-2026:2217-1
USN-8244-1
USN-8254-1
USN-8254-2
USN-8254-3
USN-8255-1
USN-8255-2
USN-8255-3
USN-8257-1
USN-8260-1
USN-8261-1
USN-8275-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu