Bug 2448694 (CVE-2026-23262)
| Summary: | CVE-2026-23262 kernel: gve: Fix stats report corruption on queue count change | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A memory corruption vulnerability was found in the Linux kernel's Google Virtual Ethernet (gve) driver. The driver and NIC share a memory region for statistics reporting, with the NIC calculating its write offset based on the region size. When queue count is increased, the driver resizes the stats region, but the NIC continues using the old offset calculation, causing out-of-bounds writes past the allocated buffer and corrupting kernel memory.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-03-18 18:02:51 UTC
|