CVE-2026-23459

Published: Apr 03, 2026 Last Modified: Apr 03, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS

Blamed commits forgot that vxlan/geneve use udp_tunnel[6]_xmit_skb() which
call iptunnel_xmit_stats().

iptunnel_xmit_stats() was assuming tunnels were only using
NETDEV_PCPU_STAT_TSTATS.

@syncp offset in pcpu_sw_netstats and pcpu_dstats is different.

32bit kernels would either have corruptions or freezes if the syncp
sequence was overwritten.

This patch also moves pcpu_stat_type closer to dev->{t,d}stats to avoid
a potential cache line miss since iptunnel_xmit_stats() needs to read it.

https://git.kernel.org/stable/c/0d087d00161f562d5047cc4009b…
https://git.kernel.org/stable/c/0d087d00161f562d5047cc4009bb0c6a19daf9f1
https://git.kernel.org/stable/c/8431c602f551549f082bbfa67f3…
https://git.kernel.org/stable/c/8431c602f551549f082bbfa67f3003f2d8e3e132