PatchSiren cyber security CVE debrief
CVE-2026-23378 Linux CVE debrief
The Linux kernel was vulnerable to an out-of-bounds error due to improper update behavior of the metalist in the ife action replace. This issue has been resolved by fixing the replace behavior. The vulnerability affected the Linux kernel, particularly in versions 4.15.1 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.77, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7. Users of the Linux kernel should review and apply patches from Linux kernel stable branches.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-25
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-03-25
- Advisory updated
- 2026-07-14
Who should care
Users of the Linux kernel, particularly those using versions 4.15.1 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.77, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7, should review and apply patches or mitigations. They should also use compensating controls such as monitoring and exception tracking.
Technical summary
The Linux kernel vulnerability CVE-2026-23378 was caused by the ife action replace appending new metadata to the metalist instead of replacing the old data. This led to an unbounded addition of metadata, potentially causing an out-of-bounds error when running the encode operation. The issue has been fixed by updating the metalist in the ife rcu data structure. Affected users should update their Linux kernel to version 6.1.167 or later.
Defensive priority
High
Recommended defensive actions
- Apply patches from Linux kernel stable branches
- Update Linux kernel to version 6.1.167 or later
- Use compensating controls such as monitoring and exception tracking
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-03-25T11:16:37.643Z and last modified on 2026-07-14T13:18:31.513Z. The NVD entry is currently Modified. This issue is caused by the ife action replace appending new metadata to the metalist instead of replacing the old data, potentially causing an out-of-bounds error when running the encode operation. Users should verify affected systems and apply patches or mitigations accordingly.
Official resources
-
CVE-2026-23378 CVE record
CVE.org
-
CVE-2026-23378 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Source reference
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-25T11:16:37.643Z and has not been modified since then.