CVE-2026-23140


📋 TL;DR

A Linux kernel BPF subsystem vulnerability allows userspace to supply oversized metadata in XDP test runs, potentially causing uninitialized frame structures and memory corruption. This affects systems running vulnerable Linux kernel versions with BPF/XDP functionality enabled. Attackers with local access could exploit this to cause kernel crashes or potentially execute arbitrary code.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions are not given in the CVE; the references point to stable kernel commits from the 2024-2025 timeframe.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires BPF/XDP functionality enabled and userspace access to trigger test runs.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel memory corruption leading to privilege escalation, arbitrary code execution, or complete system compromise.

🟠 Likely Case

Kernel panic, system crash, or denial of service due to invalid memory access.

🟢 If Mitigated

Limited to denial of service if the exploit fails or the system has additional hardening.

🌐 Internet-Facing: LOW - Requires local access to trigger BPF test runs.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could exploit this to disrupt systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger BPF test runs. Exploitation depends on specific memory layout and kernel hardening features.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel builds that include commit 31e37f44b60679d90b9f999c91371b15291be8e0

Vendor Advisory: https://git.kernel.org/stable/c/31e37f44b60679d90b9f999c91371b15291be8e0

Restart Required: Yes

Instructions:

  1. Update the Linux kernel to a patched version.
  2. Check distribution-specific security advisories.
  3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable BPF/XDP test functionality

Linux

Restrict access to BPF test run capabilities through kernel module blacklisting or capability restrictions. Note that BPF_PROG_TEST_RUN is handled inside the core bpf() syscall (net/bpf/test_run.c, built in whenever CONFIG_BPF_SYSCALL is set) rather than by a loadable module, so the modprobe blacklist below only takes effect on a kernel that actually ships such a module; on most systems the capability restrictions listed under "If You Can't Patch", together with the kernel.unprivileged_bpf_disabled sysctl, are the controls that actually limit who can invoke test runs. The update-initramfs command applies to Debian/Ubuntu-style distributions; other distributions regenerate the initramfs with their own tooling.

echo 'install bpf_test_run /bin/false' >> /etc/modprobe.d/disable-bpf-test.conf
update-initramfs -u

🧯 If You Can't Patch

  • Restrict user access to BPF/XDP functionality using capabilities (CAP_BPF, CAP_SYS_ADMIN)
  • Implement strict SELinux/AppArmor policies to limit BPF operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if BPF/XDP test functionality is accessible to userspace.

Check Version:

uname -r

Verify Fix Applied:

Run 'uname -r' to get the running kernel version, then confirm from the kernel source or your distribution's patch notes that this build includes the fix commit; the version string alone does not show which commits are present.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • BPF/XDP related errors in dmesg
  • System crash/panic logs

Network Indicators:

  • Unusual BPF program loads from userspace

SIEM Query:

source="kernel" AND ("BPF" OR "XDP") AND ("error" OR "panic" OR "oops")
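The SIEM query above is a per-line keyword AND, which misses a real kernel oops: the "Oops:" header never names the faulting function, and the BPF symbol only appears on the RIP: line that follows it. The script below is an added example (not part of this advisory or of any vendor tooling) that applies the same BPF/XDP and error/panic/oops matching to raw dmesg text but correlates across a small window of neighbouring lines; the log lines are constructed for the example and the function names are my own.

```python
import re

# Constructed sample dmesg output for this example; not real logs from an affected host.
SAMPLE_DMESG = """\
[   12.345678] xdp: attached program to eth0
[  813.101112] BUG: unable to handle page fault for address: ffff888012345678
[  813.101200] Oops: 0000 [#1] SMP PTI
[  813.101300] RIP: 0010:bpf_prog_test_run_xdp+0x1a2/0x3c0
[  900.000000] systemd[1]: Started session 3 of user alice.
[  950.222222] bpf: xdp test run returned error -22
[ 1000.000000] Kernel panic - not syncing: Fatal exception
"""

LINE_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s*(?P<msg>.*)$")
# Substring match, like the SIEM query, so "bpf_prog_test_run_xdp" counts as BPF/XDP.
SUBSYSTEM_RE = re.compile(r"bpf|xdp", re.IGNORECASE)
SEVERITY_RE = re.compile(r"\b(panic|oops|error)\b", re.IGNORECASE)


def parse_dmesg(text: str) -> list[tuple[float, str]]:
    """Split dmesg output into (seconds since boot, message) pairs; unparsable lines are dropped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((float(m.group("ts")), m.group("msg")))
    return entries


def match_bpf_xdp_faults(text: str, window: int = 3) -> list[tuple[float, str, str]]:
    """Apply the SIEM query's logic to raw dmesg text, returning (timestamp, severity, message).

    A line is a hit when it carries a panic/oops/error keyword and BPF/XDP is named on the
    same line or within `window` neighbouring lines. The window matters: an oops header
    ("Oops: 0000 [#1]") never names the faulting function; the BPF symbol only shows up on
    the RIP: line that follows it, so a strict per-line AND would miss the crash entirely.
    """
    entries = parse_dmesg(text)
    hits = []
    for i, (ts, msg) in enumerate(entries):
        sev = SEVERITY_RE.search(msg)
        if not sev:
            continue
        neighbours = entries[max(0, i - window): i + window + 1]
        if any(SUBSYSTEM_RE.search(m) for _, m in neighbours):
            hits.append((ts, sev.group(1).lower(), msg))
    return hits
```

Calling `match_bpf_xdp_faults(SAMPLE_DMESG)` returns the oops, the EINVAL-style error and the panic; with `window=0` (the SIEM query's per-line semantics) only the error line survives.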
