CVE-2026-23459

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contained an issue within the ip tunnel module where the iptunnel xmit stats() function incorrectly assumed tunnels only used NETDEV PCPU STAT TSTATS. This occurred because commits failed to account for vxlan/geneve utilizing udp tunnel[6] xmit skb(), which calls iptunnel xmit stats(). On 32-bit kernels, this could lead to data corruption or system freezes due to an offset difference in pcpu sw netstats and pcpu dstats, potentially overwriting the syncp sequence. The patch adjusts iptunnel xmit stats() to support NETDEV PCPU STAT DSTATS and moves pcpu stat type closer to dev->{t,d}stats to reduce potential cache line misses.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.