CVE-2026-23316

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to memory alignment and atomicity within the IPv4 networking stack. Specifically, the issue arises from using READ ONCE() and WRITE ONCE() on the struct sysctl fib multipath hash seed structure, which contains two u32 fields (user seed and mp seed). When compiled with Clang and Link Time Optimization (LTO) enabled, attempting to read the entire structure atomically using READ ONCE() can trigger an alignment fault on ARM64 architecture due to the instruction requiring natural alignment. Additionally, writing to the entire structure using WRITE ONCE() can lead to a tear-write condition, compromising atomicity. The issue is fixed by reading and writing the individual u32 members of the structure instead of the entire structure. The fib multipath hash from keys() function and proc fib multipath hash set seed() and proc fib multipath hash seed() functions are involved in the issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.