PT-2026-4852 · Linux · Linux Kernel
Published: 2026-01-26 · Updated: 2026-06-01 · CVE-2026-23456
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 5.10 through 6.19
Description
An out-of-bounds read exists in the Linux kernel's H.323 connection tracking parser within the nf_conntrack_h323 module. The issue occurs in the decode_int() function during the CONS case. Specifically, the function calls get_bits(bs, 2) to determine a length value and subsequently calls get_uint(bs, len) to read data. However, it does not verify that the required len bytes actually remain in the buffer before the read occurs. As a result, a malformed H.323/RAS packet sent to port 1720 can remotely trigger a 1-4 byte slab-out-of-bounds read. The leaked memory can potentially expose kernel pointers, ASLR secrets, or cryptographic material, which could be used to defeat Kernel Address Space Layout Randomization (KASLR).
Recommendations
Update the Linux kernel to a version in which the fix has been applied; versions 5.10 through 6.19 are affected.
As a temporary workaround, restrict access to port 1720 or disable the nf_conntrack_h323 module to minimize the risk of exploitation.
Fix
RCE
Out of bounds Read
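The missing length check from the Description, shown as a simplified user-space model. This is an added example, not the kernel's source or the upstream patch. The struct, the function names and the one-byte length prefix layout are assumptions made for illustration; only the pattern (a 2-bit length followed by a read of len bytes) comes from the advisory.

```c
#include <stddef.h>
#include <stdint.h>

enum { DEC_OK = 0, DEC_ERR_BOUND = -1 };

/* Simplified user-space cursor; hypothetical, not the kernel's struct. */
struct bitstream {
    const uint8_t *cur; /* next byte to read */
    const uint8_t *end; /* one past the last valid byte */
};

/* True if at least `n` whole bytes remain before `end`. */
static int bytes_remain(const struct bitstream *bs, size_t n)
{
    return (size_t)(bs->end - bs->cur) >= n;
}

/* Big-endian read of 1..4 bytes; no bounds check, the caller validates len. */
static uint32_t read_uint(struct bitstream *bs, unsigned len)
{
    uint32_t v = 0;
    while (len--)
        v = (v << 8) | *bs->cur++;
    return v;
}

/* Decode a length-prefixed integer: top 2 bits of the first byte hold len-1. */
static int decode_cons_int(const uint8_t *buf, size_t n, uint32_t *out)
{
    struct bitstream bs = { buf, buf + n };
    unsigned len;

    if (!bytes_remain(&bs, 1))      /* the length prefix itself */
        return DEC_ERR_BOUND;
    len = (*bs.cur++ >> 6) + 1u;    /* sender-controlled: 1..4 */
    /* Dropping this check reproduces the bug class: read_uint() would
     * walk up to 4 bytes past `end` on a truncated message. */
    if (!bytes_remain(&bs, len))
        return DEC_ERR_BOUND;
    *out = read_uint(&bs, len);
    return DEC_OK;
}

int main(void)
{
    const uint8_t truncated[] = { 0xC0, 0x01 }; /* constructed: claims 4 bytes, has 1 */
    uint32_t v = 0;
    return decode_cons_int(truncated, sizeof truncated, &v) == DEC_ERR_BOUND ? 0 : 1;
}
```

The rule it illustrates: a length decoded from the message is validated against the bytes actually remaining before any read that depends on it.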
Affected Products
Linux Kernel