CVE-2026-23172

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s t7xx driver related to handling data reception in the DPMAIF RX path. The t7xx dpmaif set frag to skb() function does not adequately validate the number of fragments added to an skb, potentially exceeding MAX SKB FRAGS. This can result in a buffer overflow within the skb shinfo(skb)->frags[] array, leading to memory corruption and potentially kernel crashes. The issue arises when the modem firmware sends packets with an excessive number of fragments, which could occur due to malicious, buggy, or compromised firmware. The fix involves adding a bounds check before calling skb add rx frag() to ensure the number of fragments does not exceed the maximum allowed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.