PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23397 Linux CVE debrief

A HIGH severity vulnerability was found in the Linux kernel's nfnetlink_osf component. The vulnerability is caused by a lack of validation of individual option lengths in fingerprints, which can lead to a general protection fault and potential null-pointer dereference. This issue allows attackers to trigger a denial-of-service condition or potentially execute arbitrary code with elevated privileges.

Vendor
Linux
Product
Unknown
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-26
Original CVE updated
2026-07-14
Advisory published
2026-03-26
Advisory updated
2026-07-14

Who should care

Linux kernel users and administrators should be aware of this vulnerability and take steps to mitigate it. Affected systems include those running Linux kernels with nfnetlink_osf enabled. Security teams should review and apply patches or mitigations as soon as possible.

Technical summary

The vulnerability exists in the nfnetlink_osf component of the Linux kernel. The nfnl_osf_add_callback() function validates opt_num bounds and string NUL-termination but does not check individual option length fields. This can cause nf_osf_match_one() to enter the option matching loop even when foptsize sums to zero, leading to a general protection fault and potential null-pointer dereference. Additionally, an MSS option (kind=2) with length < 4 causes out-of-bounds reads when nf_osf_match_one() unconditionally accesses optp[2] and optp[3] for MSS value extraction.

Defensive priority

High

Recommended defensive actions

  • Apply patches from Linux kernel maintainers
  • Restrict access to nfnetlink_osf component
  • Monitor network traffic for suspicious activity
  • Keep Linux kernel up-to-date
  • Review compensating controls for exposed systems
  • Track exceptions and retest remediated assets
  • Verify patch deployment in managed environments

Evidence notes

The CVE record was published on 2026-03-26T11:16:19.720Z and was last modified on 2026-07-14T13:18:32.457Z. The NVD entry is currently Modified. This vulnerability affects Linux kernel users and administrators. Evidence is limited to public CVE and NVD information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-26T11:16:19.720Z and has not been modified since then.