CVE-2026-23284
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
In the Linux kernel, a vulnerability was found in the mtk_eth_soc driver where the eBPF program pointer in mtk_xdp_setup() is not reset to old_prog on error in mtk_open, and its ref-count is incorrectly decreased.
Risk Assessment
This could lead to memory leaks or use-after-free, potentially allowing a local attacker to destabilize the system or escalate privileges.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit 0a1b2c3d4e5f...). Monitor official security advisories from your distribution.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup() Reset eBPF program pointer to old_prog and do not decrease its ref-count if mtk_open routine in mtk_xdp_setup() fails.

