HOMEVULNERABILITIESCVE-2026-23377
NONE

CVE-2026-23377

Published: March 25, 2026· Updated: Mar 25, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:4.7th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz

The only user of frag_size field in XDP RxQ info is

bpf_xdp_frags_increase_tail(). It clearly expects whole buff size instead

of DMA write size. Different assumptions in ice driver configuration lead

to negative tailroom.

This allows to trigger kernel panic, when using

XDP_ADJUST_TAIL_GROW_MULTI_BUFF xskxceiver test and changing packet size to

6912 and the requested offset to a huge value, e.g.

XSK_UMEM__MAX_FRAME_SIZE * 100.

Due to other quirks of the ZC configuration in ice, panic is not observed

in ZC mode, but tailroom growing still fails when it should not.

Use fill queue buffer truesize instead of DMA write size in XDP RxQ info.

Fix ZC mode too by using the new helper.

NVD Source

Technical Analysis

CVE-2026-23377 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (2)

Quick Facts

CVE IDCVE-2026-23377
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMar 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23377 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.