CVE-2026-23003

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contained an issue within the ip6 tunnel component where the code did not properly handle VLAN encapsulations. Specifically, the commit responsible did not account for VLAN encapsulations, leading to potential problems. The fix involves using skb vlan inet prepare() instead of pskb inet may pull(). This issue was identified by syzbot and resulted in uninitialized value errors during kernel operation, potentially impacting system stability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-200

Related Identifiers

BDU:2026-01113

CVE-2026-23003

ECHO-022B-8C27-D5DE

OESA-2026-1340

OESA-2026-1566

OESA-2026-1567

OESA-2026-1570

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:1078-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20667-1

SUSE-SU-2026:20720-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21284-1

USN-8162-1

USN-8180-1

USN-8180-2

USN-8180-3

USN-8180-4

USN-8180-5

USN-8180-6

USN-8186-1

USN-8187-1

USN-8188-1

USN-8243-1

USN-8275-1

USN-8278-1

USN-8278-2

USN-8289-1

USN-8289-2

USN-8296-1

USN-8296-2

USN-8297-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2026-23003

Weakness Enumeration

Related Identifiers

Affected Products

References · 2282