CVE intelligence and bounded remediation
CVE-2026-23386 — Linux Linux Kernel security vulnerability
In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL In DQ-QPL mode, gve_tx_clean_pending_packets() incorrectly uses the RDA buffer cleanup path. It iterates num_bufs times and attempts to unmap entries in the dma array. This leads to two issues: 1. The dma array shares storage with tx_qpl_buf_ids (union). Interpreting buffer IDs as DMA addresses results in attempting to unmap incorrect memory locations. 2. num_bufs in QPL mode (counting 2K chunks) can significantly exceed the size of the dma array, causing out-of-bounds access warnings (trace below is how we noticed this issue). UBSAN: array-index-out-of-bounds in drivers/net/ethernet/drivers/net/ethernet/google/gve/gve_tx_dqo.c:178:5 index 18 is out of range for type 'dma_addr_t[18]' (aka 'unsigned long long[18]') Workqueue: gve gve_service_task [gve] Call Trace: <TASK> dump_stack_lvl+0x33/0xa0 __ubsan_handle_out_of_bounds+0xdc/0x110 gve_tx_stop_ring_dqo+0x182/0x200 [gve] gve_close+0x1be/0x450 [gve] gve_reset+0x99/0x120 [gve] gve_service_task+0x61/0x100 [gve] process_scheduled_works+0x1e9/0x380 Fix this by properly checking for QPL mode and…
- Severity
- Medium
- CVSS
- 5.5 (3.1)
- Published
- 2026-03-25
- CISA KEV
- Not currently listed
- Ecosystem
- linux/kernel
Affected products
- linux / linux_kernel
- linux / linux_kernel / 6.6
- linux / linux_kernel / 7.0
Matched remediation archetype
Buffer bounds, memory safety, and memory corruption
This catalog composition supplies bounded fallback guidance. Explicitly reviewed curated workflows load with the complete record below.
Check exposure
- Identify affected native-code versions, build flags, architectures, parsers, codecs, drivers, and input paths in all shipped artifacts.
- Determine whether untrusted data reaches the affected routine and the process privilege, sandbox, and network exposure.
- Confirm statically linked, vendored, firmware, and platform-provided copies, not only package-manager records.
Remediate safely
- Apply the maintained upstream correction or replace the affected component, then rebuild every dependent artifact from clean inputs.
- Adopt bounds-checked interfaces, validated sizes and integer conversions, clear ownership, and memory-safe components where practical.
- Enable supported compiler and runtime hardening and add sanitized tests and fuzz regression seeds derived from non-weaponized fixtures.
Authoritative sources
Complete CVE record and remediation plan
The detailed catalog view below loads this exact record, its source evidence, and the full seven-phase agentic change plan.