CVE-2026-23083 in Linuxinfo

Summary

by MITRE • 02/04/2026

In the Linux kernel, the following vulnerability has been resolved:

fou: Don't allow 0 for FOU_ATTR_IPPROTO.

fou_udp_recv() has the same problem mentioned in the previous patch.

If FOU_ATTR_IPPROTO is set to 0, skb is not freed by fou_udp_recv() nor "resubmit"-ted in ip_protocol_deliver_rcu().

Let's forbid 0 for FOU_ATTR_IPPROTO.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 05/03/2026

The vulnerability described in CVE-2026-23083 resides within the Linux kernel's Forwarding Over UDP (FOU) implementation, specifically addressing a critical flaw in how the kernel processes FOU attributes. This issue affects the fou_udp_recv() function which handles incoming UDP packets destined for FOU processing. The vulnerability stems from the kernel's failure to properly validate the FOU_ATTR_IPPROTO attribute value, allowing a malicious actor to set this parameter to zero. When FOU_ATTR_IPPROTO is set to zero, the kernel enters an inconsistent state where the socket buffer (skb) remains unfreed and is neither properly processed nor resubmitted through the network stack's delivery mechanism. This creates a memory management anomaly that can lead to resource exhaustion and potential denial of service conditions.

The technical flaw manifests in the network protocol processing pipeline where the kernel's FOU subsystem fails to validate input parameters before proceeding with packet handling operations. The FOU_ATTR_IPPROTO attribute is intended to specify the IP protocol number for encapsulated packets, but when set to zero, it effectively disables proper protocol identification and handling. The fou_udp_recv() function, which processes incoming UDP packets for FOU operations, does not adequately check for this invalid value and continues processing without proper error handling. This creates a path where packets with zero protocol numbers bypass normal packet cleanup routines, leading to memory leaks and potential exploitation opportunities. The vulnerability is classified under CWE-20 as "Improper Input Validation" and represents a classic case of insufficient parameter validation in kernel space operations.

The operational impact of this vulnerability extends beyond simple resource exhaustion to potentially enable more sophisticated attack vectors within the network stack. When FOU_ATTR_IPPROTO is set to zero, the system's packet processing becomes inconsistent, as the kernel cannot properly determine how to handle the encapsulated traffic. This condition can cause the network stack to enter an undefined state where packets accumulate in memory without proper cleanup, leading to gradual memory depletion that can affect overall system stability. The vulnerability is particularly concerning because it operates at the kernel level, where memory management errors can cascade into system-wide instability. Attackers could exploit this by crafting malicious FOU configuration requests that set the protocol attribute to zero, potentially causing denial of service conditions or creating opportunities for further exploitation through memory corruption.

Mitigation strategies for this vulnerability should focus on immediate kernel updates that enforce proper validation of FOU attributes, specifically rejecting any attempt to set FOU_ATTR_IPPROTO to zero values. System administrators should ensure their kernel versions are updated to include the patch that prevents zero values from being accepted in FOU protocol attributes. Additionally, network monitoring should be enhanced to detect unusual FOU configuration patterns or attempts to set invalid protocol numbers. The implementation of proper input validation at the kernel level addresses the root cause by ensuring that all FOU attributes are validated before processing begins. This aligns with ATT&CK technique T1068 which involves exploiting vulnerabilities in the kernel or system-level components. Organizations should also implement network segmentation and access controls to limit the potential impact of such vulnerabilities, particularly in environments where FOU functionality is actively used for network virtualization or tunneling operations.

Responsible

Linux

Reservation

01/13/2026

Disclosure

02/04/2026

Moderation

accepted

CPE

ready

EPSS

0.00129

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!