CVE-2026-23447 in Kernel
Summary (English)
In the Linux kernel, the following vulnerability has been resolved:
net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check
The same bounds-check bug fixed for NDP16 in the previous patch also
exists in cdc_ncm_rx_verify_ndp32(). The DPE array size is validated
against the total skb length without accounting for ndpoffset, allowing
out-of-bounds reads when the NDP32 is placed near the end of the NTB.
Add ndpoffset to the nframes bounds check and use struct_size_t() to
express the NDP-plus-DPE-array size more clearly.
Compile-tested only.
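The difference between the two checks described above, as an added example (not the kernel patch and not the driver's code). The struct layouts are simplified stand-ins, and the function names and sample lengths are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for an NDP32 header and its DPE entries (assumed layout). */
struct dpe32 { uint32_t index; uint32_t length; };
struct ndp32 { uint32_t signature; uint16_t length; uint16_t reserved6;
               uint32_t next_ndp_index; uint32_t reserved12; };

/* Bytes occupied by the NDP header plus nframes DPE entries. */
static size_t ndp_size(size_t nframes)
{
    return sizeof(struct ndp32) + nframes * sizeof(struct dpe32);
}

/* Check as the summary describes the bug: the NDP-plus-DPE size is compared
 * with the total buffer length, ignoring where the NDP starts. */
static int check_without_offset(size_t ntb_len, size_t ndpoffset, size_t nframes)
{
    (void)ndpoffset;
    return ndp_size(nframes) <= ntb_len;
}

/* Check with the offset included: the NDP must fit in the bytes that remain
 * after ndpoffset. Written as a subtraction so the sum cannot wrap. */
static int check_with_offset(size_t ntb_len, size_t ndpoffset, size_t nframes)
{
    if (ndpoffset > ntb_len)
        return 0;
    return ndp_size(nframes) <= ntb_len - ndpoffset;
}

/* How far past the end of the buffer the DPE array would extend. */
static size_t overrun_bytes(size_t ntb_len, size_t ndpoffset, size_t nframes)
{
    size_t end = ndpoffset + ndp_size(nframes);
    return end > ntb_len ? end - ntb_len : 0;
}

int main(void)
{
    /* Constructed case: 2048-byte NTB, NDP at offset 2000, 8 DPE entries. */
    size_t len = 2048, off = 2000, n = 8;
    printf("without offset: %d, with offset: %d, overrun: %zu bytes\n",
           check_without_offset(len, off, n), check_with_offset(len, off, n),
           overrun_bytes(len, off, n));
    return 0;
}
```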
Responsible
Linux
Reserved
13.01.2026
Disclosure
03.04.2026
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 355147 | Linux Kernel net cdc_ncm_rx_verify_ndp32 information disclosure | 125 | Not defined | Official fix | CVE-2026-23447 |