PT-2026-27743 · Linux · Linux Kernel

Published: 2026-01-01 · Updated: 2026-05-03 · CVE-2026-23378

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 7.0.0-rc1-00169-gfbdfa8da05b6

Description

The Linux kernel contains a flaw in the net/sched component, specifically within the act_ife module. An incorrect metalist update behavior can occur when an ife action is replaced, leading to an unbounded addition of metadata to the metalist. This can potentially cause an out-of-bounds error during the encode operation, as demonstrated by a KASAN report. The issue is related to the ife_tlv_meta_encode function and the ife_encode_meta_u16 function. The tcf_ife_act function is also involved in the process.

Recommendations

Update the Linux kernel to version 7.0.0-rc1-00169-gfbdfa8da05b6 or later.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2026-23378
ECHO-FD3D-B62F-B81E
OESA-2026-2172
OESA-2026-2176
OPENSUSE-SU-2026:20826-1
SUSE-SU-2026:2068-1
SUSE-SU-2026:21841-1
SUSE-SU-2026:21845-1
SUSE-SU-2026:21860-1
SUSE-SU-2026:21876-1
SUSE-SU-2026:21877-1
SUSE-SU-2026:21916-1
SUSE-SU-2026:21919-1
SUSE-SU-2026:2217-1

Affected Products

Linux Kernel