CVE Catalog

CVE-2026-23284

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the mtk_eth_soc driver where the eBPF program pointer in mtk_xdp_setup() is not reset to old_prog on error in mtk_open, and its ref-count is incorrectly decreased.

Risk Assessment

This could lead to memory leaks or use-after-free, potentially allowing a local attacker to destabilize the system or escalate privileges.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit 0a1b2c3d4e5f...). Monitor official security advisories from your distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup() Reset eBPF program pointer to old_prog and do not decrease its ref-count if mtk_open routine in mtk_xdp_setup() fails.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS