PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23284 Linux CVE debrief

CVE-2026-23284 is a Linux kernel bug in the mtk_eth_soc Ethernet driver’s XDP setup error path. According to the fixed description, if mtk_open fails during mtk_xdp_setup(), the code should restore the previous eBPF program pointer and avoid dropping its reference count. The published record ties the issue to multiple upstream/stable kernel fixes and rates it MEDIUM severity with primary availability impact.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-25
Original CVE updated
2026-05-22
Advisory published
2026-03-25
Advisory updated
2026-05-22

Who should care

Kernel maintainers, distro security teams, and operators running Linux kernels that include the MediaTek Ethernet driver (mtk_eth_soc), especially on systems that use XDP/eBPF features. Environments that rely on stable kernel update branches listed in the advisory should prioritize review and patching.

Technical summary

The vulnerability is an error-handling defect in mtk_xdp_setup(). On setup failure, the driver is supposed to revert prog to old_prog and not decrement the old program’s refcount. If it fails to do so, the kernel can be left with an incorrect eBPF program pointer and a reference-count mismatch in the driver state. NVD assigns CVSS 3.1 vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and does not provide a more specific CWE than NVD-CWE-noinfo.

Defensive priority

Medium. The issue is locally reachable and requires low privileges, but NVD rates the potential impact as high availability loss. Patch priority is strongest for systems using the affected MediaTek Ethernet driver and any deployment that enables or depends on XDP/eBPF paths.

Recommended defensive actions

  • Apply the relevant Linux kernel fixes referenced by NVD and move to a kernel build that includes the upstream/stable patch for this issue.
  • If you maintain a downstream kernel, verify that the mtk_xdp_setup() failure path restores old_prog and preserves the correct reference count handling.
  • Prioritize patch validation on systems that use MediaTek Ethernet hardware and XDP/eBPF features.
  • Track vendor kernel update branches that correspond to the affected version ranges listed by NVD: 6.0 before 6.1.167, 6.2 before 6.6.130, 6.7 before 6.12.77, 6.13 before 6.18.17, and 6.19 before 6.19.7.

Evidence notes

The debrief is based on the CVE description and NVD record only. NVD lists the vulnerability as analyzed, with CVSS 5.5 and vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The record includes multiple official kernel.org patch references, and the description explicitly says to reset the eBPF program pointer to old_prog and avoid decreasing its refcount if mtk_open fails in mtk_xdp_setup(). No exploit details beyond the supplied corpus are included.

Official resources

CVE record published 2026-03-25T11:16:23.080Z and later modified 2026-05-22T00:16:06.667Z. NVD’s source item shares the same publication and modification timestamps, and the record is marked analyzed.