CVE-2026-23448

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the cdc ncm rx verify ndp16() function where the bounds check for NDP16 nframes omits the ndpoffset value. This allows the DPE entries to extend past the skb data buffer when the NDP is placed near the end of the NTB, leading to out-of-bounds memory reads in cdc ncm rx fixup() during DPE array iteration.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.