CVE-2026-23455

CRITICAL EPSS 39.9%
Published Apr 3, 20262mo ago · Modified Jun 17, 20261w ago
9.1 CVSS 3.1
Critical
Find Similar
Published Apr 3, 2026 2mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() In DecodeQ931(), the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip the protocol discriminator byte before passing it to DecodeH323_UserInformation(). If the encoded length is 0, the decrement wraps to -1, which is then passed as a large value to the decoder, leading to an out-of-bounds read. Add a check to ensure len is positive after the decrement.

CVSS Details

Base Score
9.1
Exploitability
3.9
Impact
5.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
39.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥2.6.17  –  <5.10.253
linuxlinux_kernel*≥5.11  –  <5.15.203
linuxlinux_kernel*≥5.16  –  <6.1.167
linuxlinux_kernel*≥6.2  –  <6.6.130
linuxlinux_kernel*≥6.7  –  <6.12.78
linuxlinux_kernel*≥6.13  –  <6.18.20
linuxlinux_kernel*≥6.19  –  <6.19.10
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/2121f5fbe88daff0f1fc5bc47d359426c74b86b0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/495e97af9e7249ee02b72bb1d0848a6efc3700f4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/633e8f87dad32263f6a57dccdb873f042c062111
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/65fa92f79677858b14b9e4b7275f26639afe2710
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9d00fe7d6d7c5b5f1065a6e042b54f2e44bd6df8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b652b05d51003ac074b912684f9ec7486231717b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f173d0f4c0f689173f8cdac79991043a4a89bf66
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f5e4f4e4cdb75ec36802059a94195a31f193da60
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2121f5fbe88daff0f1fc5bc47d359426c74b86b0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/495e97af9e7249ee02b72bb1d0848a6efc3700f4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/633e8f87dad32263f6a57dccdb873f042c062111
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/65fa92f79677858b14b9e4b7275f26639afe2710
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9d00fe7d6d7c5b5f1065a6e042b54f2e44bd6df8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b652b05d51003ac074b912684f9ec7486231717b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f173d0f4c0f689173f8cdac79991043a4a89bf66
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f5e4f4e4cdb75ec36802059a94195a31f193da60
    Patch