PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23378 Linux CVE debrief

The Linux kernel was vulnerable to an out-of-bounds error due to improper update behavior of the metalist in the ife action replace. This issue has been resolved by fixing the replace behavior. The vulnerability affected the Linux kernel, particularly in versions 4.15.1 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.77, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7. Users of the Linux kernel should review and apply patches from Linux kernel stable branches.

Vendor
Linux
Product
Unknown
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-25
Original CVE updated
2026-07-14
Advisory published
2026-03-25
Advisory updated
2026-07-14

Who should care

Users of the Linux kernel, particularly those using versions 4.15.1 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.77, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7, should review and apply patches or mitigations. They should also use compensating controls such as monitoring and exception tracking.

Technical summary

The Linux kernel vulnerability CVE-2026-23378 was caused by the ife action replace appending new metadata to the metalist instead of replacing the old data. This led to an unbounded addition of metadata, potentially causing an out-of-bounds error when running the encode operation. The issue has been fixed by updating the metalist in the ife rcu data structure. Affected users should update their Linux kernel to version 6.1.167 or later.

Defensive priority

High

Recommended defensive actions

  • Apply patches from Linux kernel stable branches
  • Update Linux kernel to version 6.1.167 or later
  • Use compensating controls such as monitoring and exception tracking
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-03-25T11:16:37.643Z and last modified on 2026-07-14T13:18:31.513Z. The NVD entry is currently Modified. This issue is caused by the ife action replace appending new metadata to the metalist instead of replacing the old data, potentially causing an out-of-bounds error when running the encode operation. Users should verify affected systems and apply patches or mitigations accordingly.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-25T11:16:37.643Z and has not been modified since then.