Description

In the Linux kernel, the following vulnerability has been resolved: ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS Blamed commits forgot that vxlan/geneve use udp_tunnel[6]_xmit_skb() which call iptunnel_xmit_stats(). iptunnel_xmit_stats() was assuming tunnels were only using NETDEV_PCPU_STAT_TSTATS. @syncp offset in pcpu_sw_netstats and pcpu_dstats is different. 32bit kernels would either have corruptions or freezes if the syncp sequence was overwritten. This patch also moves pcpu_stat_type closer to dev->{t,d}stats to avoid a potential cache line miss since iptunnel_xmit_stats() needs to read it.

INFO

Published Date :

2026-04-03T15:15:39.665Z

Last Modified :

2026-04-03T15:15:39.665Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23459 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23459.

URL Resource
https://git.kernel.org/stable/c/0d087d00161f562d5047cc4009bb0c6a19daf9f1 cve-icon cve-icon
https://git.kernel.org/stable/c/8431c602f551549f082bbfa67f3003f2d8e3e132 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026040319-CVE-2026-23459-fcfb@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23459 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23459 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System