PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23359 Linux CVE debrief

A stack-out-of-bounds write vulnerability was discovered in the devmap component of the Linux kernel. The issue arises from the get_upper_ifindexes() function, which iterates over all upper devices and writes their indices into an array without checking bounds. This can lead to a stack-out-of-bounds write when there are more upper devices than expected. The vulnerability was resolved by adding a max parameter to get_upper_ifindexes() to prevent the out-of-bounds write.

Vendor
Linux
Product
Unknown
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-25
Original CVE updated
2026-07-14
Advisory published
2026-03-25
Advisory updated
2026-07-14

Who should care

System administrators and users of Linux kernel versions 5.15.1 to 5.15.203, 5.16 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.77, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7 should be aware of this vulnerability and take necessary actions to mitigate it. Linux kernel developers and security teams should also be aware of this vulnerability and review the official advisory for guidance.

Technical summary

The vulnerability is caused by the get_upper_ifindexes() function not checking bounds when writing to an array of upper device indices. The function and its callers assume a maximum number of upper devices (MAX_NEST_DEV), but this assumption can be incorrect, leading to a stack-out-of-bounds write. To fix this issue, a max parameter was added to get_upper_ifindexes() to prevent the out-of-bounds write. If there are too many upper devices, the function returns -EOVERFLOW and aborts the redirect.

Defensive priority

High

Recommended defensive actions

  • Update Linux kernel to a version that includes the fix
  • Inventory Linux systems for exposure
  • Monitor Linux systems for suspicious activity
  • Implement compensating controls to prevent exploitation
  • Review system logs for indicators of compromise
  • Conduct regular vulnerability assessments
  • Engage with Linux community for support

Evidence notes

The CVE record was published on 2026-03-25T11:16:34.740Z and last modified on 2026-07-14T13:18:30.847Z. The NVD entry is currently Modified. The Linux kernel vulnerability (CVE-2026-23359) was resolved by adding a max parameter to get_upper_ifindexes() to prevent stack-out-of-bounds write. The vulnerability affects Linux kernel versions 5.15.1 to 5.15.203, 5.16 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.77, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-25T11:16:34.740Z and has not been modified since then.