PatchSiren cyber security CVE debrief
CVE-2026-23397 Linux CVE debrief
A HIGH severity vulnerability was found in the Linux kernel's nfnetlink_osf component. The vulnerability is caused by a lack of validation of individual option lengths in fingerprints, which can lead to a general protection fault and potential null-pointer dereference. This issue allows attackers to trigger a denial-of-service condition or potentially execute arbitrary code with elevated privileges.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-26
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-03-26
- Advisory updated
- 2026-07-14
Who should care
Linux kernel users and administrators should be aware of this vulnerability and take steps to mitigate it. Affected systems include those running Linux kernels with nfnetlink_osf enabled. Security teams should review and apply patches or mitigations as soon as possible.
Technical summary
The vulnerability exists in the nfnetlink_osf component of the Linux kernel. The nfnl_osf_add_callback() function validates opt_num bounds and string NUL-termination but does not check individual option length fields. This can cause nf_osf_match_one() to enter the option matching loop even when foptsize sums to zero, leading to a general protection fault and potential null-pointer dereference. Additionally, an MSS option (kind=2) with length < 4 causes out-of-bounds reads when nf_osf_match_one() unconditionally accesses optp[2] and optp[3] for MSS value extraction.
Defensive priority
High
Recommended defensive actions
- Apply patches from Linux kernel maintainers
- Restrict access to nfnetlink_osf component
- Monitor network traffic for suspicious activity
- Keep Linux kernel up-to-date
- Review compensating controls for exposed systems
- Track exceptions and retest remediated assets
- Verify patch deployment in managed environments
Evidence notes
The CVE record was published on 2026-03-26T11:16:19.720Z and was last modified on 2026-07-14T13:18:32.457Z. The NVD entry is currently Modified. This vulnerability affects Linux kernel users and administrators. Evidence is limited to public CVE and NVD information.
Official resources
-
CVE-2026-23397 CVE record
CVE.org
-
CVE-2026-23397 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-26T11:16:19.720Z and has not been modified since then.