CVE-2026-23083

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-23083

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23083.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2026-23083

Downstream

BELL-CVE-2026-23083

DEBIAN-CVE-2026-23083

DLA-4475-1

DLA-4476-1

DSA-6126-1

DSA-6127-1

ECHO-dfc2-de71-f868

MGASA-2026-0097

MGASA-2026-0098

ROOT-OS-UBUNTU-2204-CVE-2026-23083

ROOT-OS-UBUNTU-2404-CVE-2026-23083

SUSE-SU-2026:0962-1

SUSE-SU-2026:1078-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20667-1

SUSE-SU-2026:20720-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21284-1

UBUNTU-CVE-2026-23083

USN-8162-1

USN-8180-1

USN-8180-2

USN-8180-3

USN-8180-4

USN-8180-5

USN-8180-6

USN-8186-1

USN-8187-1

USN-8188-1

USN-8243-1

openSUSE-SU-2026:20416-1

Related

Published

2026-02-04T16:08:07.561Z

Modified

2026-05-07T04:17:21.802716Z

Summary

fou: Don't allow 0 for FOU_ATTR_IPPROTO.

Details

In the Linux kernel, the following vulnerability has been resolved:

fou: Don't allow 0 for FOUATTRIPPROTO.

fouudprecv() has the same problem mentioned in the previous patch.

If FOUATTRIPPROTO is set to 0, skb is not freed by fouudprecv() nor "resubmit"-ted in ipprotocoldeliver_rcu().

Let's forbid 0 for FOUATTRIPPROTO.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23083.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

23461551c00628c3f3fe9cf837bf53cf8f212b63

Fixed

c7498f9bc390479ccfad7c7f2332237ff4945b03

Fixed

611ef4bd9c73d9e6d87bed57a635ff1fdd8c91ea

Fixed

6e983789b7588ee59cbf303583546c043bad8e19

Fixed

1cc98b8887cabb1808d2f4a37cd10a7be7574771

Fixed

b7db31a52c3862a1a32202a273a4c32e7f5f4823

Fixed

9b75dff8446ec871030d8daf5a69e74f5fe8b956

Fixed

7a9bc9e3f42391e4c187e099263cf7a1c4b69ff5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23083.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.18.0

Fixed

5.10.249

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.199

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.162

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.122

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.68

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23083.json"