PatchSiren cyber security CVE debrief
CVE-2026-23359 Linux CVE debrief
A stack-out-of-bounds write vulnerability was discovered in the devmap component of the Linux kernel. The issue arises from the get_upper_ifindexes() function, which iterates over all upper devices and writes their indices into an array without checking bounds. This can lead to a stack-out-of-bounds write when there are more upper devices than expected. The vulnerability was resolved by adding a max parameter to get_upper_ifindexes() to prevent the out-of-bounds write.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-25
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-03-25
- Advisory updated
- 2026-07-14
Who should care
System administrators and users of Linux kernel versions 5.15.1 to 5.15.203, 5.16 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.77, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7 should be aware of this vulnerability and take necessary actions to mitigate it. Linux kernel developers and security teams should also be aware of this vulnerability and review the official advisory for guidance.
Technical summary
The vulnerability is caused by the get_upper_ifindexes() function not checking bounds when writing to an array of upper device indices. The function and its callers assume a maximum number of upper devices (MAX_NEST_DEV), but this assumption can be incorrect, leading to a stack-out-of-bounds write. To fix this issue, a max parameter was added to get_upper_ifindexes() to prevent the out-of-bounds write. If there are too many upper devices, the function returns -EOVERFLOW and aborts the redirect.
Defensive priority
High
Recommended defensive actions
- Update Linux kernel to a version that includes the fix
- Inventory Linux systems for exposure
- Monitor Linux systems for suspicious activity
- Implement compensating controls to prevent exploitation
- Review system logs for indicators of compromise
- Conduct regular vulnerability assessments
- Engage with Linux community for support
Evidence notes
The CVE record was published on 2026-03-25T11:16:34.740Z and last modified on 2026-07-14T13:18:30.847Z. The NVD entry is currently Modified. The Linux kernel vulnerability (CVE-2026-23359) was resolved by adding a max parameter to get_upper_ifindexes() to prevent stack-out-of-bounds write. The vulnerability affects Linux kernel versions 5.15.1 to 5.15.203, 5.16 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.77, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7.
Official resources
-
CVE-2026-23359 CVE record
CVE.org
-
CVE-2026-23359 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-25T11:16:34.740Z and has not been modified since then.