CVE-2026-23284

EUVD-2026-15208
In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup()

Reset eBPF program pointer to old_prog and do not decrease its ref-count
if mtk_open routine in mtk_xdp_setup() fails.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.0 ≤
𝑥
< 6.1.167
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.130
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.77
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.17
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.7
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.174-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.257-1
fixed
forky
7.0.12-2
fixed
sid
7.0.13-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.94-1
fixed
linux-6.1
bullseye (security)
6.1.174-1~deb11u1
fixed
References
https://git.kernel.org/stable/c/0abc73c8a40fd64ac1739c90bb4f42c418d27a5e
https://git.kernel.org/stable/c/29629dd7d37349e9fb605375a75de44ac8926ea9
https://git.kernel.org/stable/c/6f95b59520278a72df9905db791b7ea31375fbc1
https://git.kernel.org/stable/c/8c2d76a9658a4dbfcf02f2693a97e2d5ff42197a
https://git.kernel.org/stable/c/b73dfe1ea7be7a072482434643b517d7726f4c8d
https://git.kernel.org/stable/c/ff14cd44c85c20ad69479db73698185de291550c