CVE-2026-23416

In the Linux kernel, the following vulnerability has been resolved:

mm/mseal: update VMA end correctly on merge

Previously we stored the end of the current VMA in curr end, and then upon iterating to the next VMA updated curr start to curr end to advance to the next VMA.

However, this doesn't take into account the fact that a VMA might be updated due to a merge by vma modify flags(), which can result in curr end being stale and thus, upon setting curr start to curr end, ending up with an incorrect curr start on the next iteration.

Resolve the issue by setting curr end to vma->vm end unconditionally to ensure this value remains updated should this occur.

While we're here, eliminate this entire class of bug by simply setting const curr [start/end] to be clamped to the input range and VMAs, which also happens to simplify the logic.