1. Home
  2. Vulnerabilities
  3. CVE-2026-23359
0.0
NA
CVE-2026-23359
bpf: Fix stack-out-of-bounds write in devmap
Overview
Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stack-out-of-bounds write in devmap get_upper_ifindexes() iterates over all upper devices and writes their indices into an array without checking bounds. Also the callers assume that the max number of upper devices is MAX_NEST_DEV and allocate excluded_devices[1+MAX_NEST_DEV] on the stack, but that assumption is not correct and the number of upper devices could be larger than MAX_NEST_DEV (e.g., many macvlans), causing a stack-out-of-bounds write. Add a max parameter to get_upper_ifindexes() to avoid the issue. When there are too many upper devices, return -EOVERFLOW and abort the redirect. To reproduce, create more than MAX_NEST_DEV(8) macvlans on a device with an XDP program attached using BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS. Then send a packet to the device to trigger the XDP redirect path.

Details
INFO

Published Date :

March 25, 2026, 11:16 a.m.

Last Modified :

March 25, 2026, 11:16 a.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Impact
Affected Products

The following products are affected by CVE-2026-23359 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
Solution
Fix stack out-of-bounds write by adding bounds checking to device index iteration.
  • Update the Linux kernel to include the fix.
  • Add a max parameter to get_upper_ifindexes().
  • Return -EOVERFLOW on too many upper devices.
  • Abort redirect when bounds are exceeded.
References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-23359.

URL Resource
https://git.kernel.org/stable/c/5000e40acc8d0c36ab709662e32120986ac22e7e
https://git.kernel.org/stable/c/75d474702b2ba8b6bcb26eb3004dbc5e95ffd5d2
https://git.kernel.org/stable/c/8a95fb9df1105b1618872c2846a6c01e3ba20b45
https://git.kernel.org/stable/c/b7bf516c3ecd9a2aae2dc2635178ab87b734fef1
https://git.kernel.org/stable/c/ca831567908fd3f73cf97d8a6c09a5054697a182
https://git.kernel.org/stable/c/d2c31d8e03d05edc16656e5ffe187f0d1da763d7
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-23359 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-23359 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-23359 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-23359 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 25, 2026

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stack-out-of-bounds write in devmap get_upper_ifindexes() iterates over all upper devices and writes their indices into an array without checking bounds. Also the callers assume that the max number of upper devices is MAX_NEST_DEV and allocate excluded_devices[1+MAX_NEST_DEV] on the stack, but that assumption is not correct and the number of upper devices could be larger than MAX_NEST_DEV (e.g., many macvlans), causing a stack-out-of-bounds write. Add a max parameter to get_upper_ifindexes() to avoid the issue. When there are too many upper devices, return -EOVERFLOW and abort the redirect. To reproduce, create more than MAX_NEST_DEV(8) macvlans on a device with an XDP program attached using BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS. Then send a packet to the device to trigger the XDP redirect path.
    Added Reference https://git.kernel.org/stable/c/5000e40acc8d0c36ab709662e32120986ac22e7e
    Added Reference https://git.kernel.org/stable/c/75d474702b2ba8b6bcb26eb3004dbc5e95ffd5d2
    Added Reference https://git.kernel.org/stable/c/8a95fb9df1105b1618872c2846a6c01e3ba20b45
    Added Reference https://git.kernel.org/stable/c/b7bf516c3ecd9a2aae2dc2635178ab87b734fef1
    Added Reference https://git.kernel.org/stable/c/ca831567908fd3f73cf97d8a6c09a5054697a182
    Added Reference https://git.kernel.org/stable/c/d2c31d8e03d05edc16656e5ffe187f0d1da763d7
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.