Vulnerability DatabaseCVE-2026-23416

CVE-2026-23416:
Linux Debian vulnerability analysis and mitigation

In the Linux kernel, the following vulnerability has been resolved:

mm/mseal: update VMA end correctly on merge

Previously we stored the end of the current VMA in curr_end, and then upon iterating to the next VMA updated curr_start to curr_end to advance to the next VMA.

However, this doesn't take into account the fact that a VMA might be updated due to a merge by vma_modify_flags(), which can result in curr_end being stale and thus, upon setting curr_start to curr_end, ending up with an incorrect curr_start on the next iteration.

Resolve the issue by setting curr_end to vma->vm_end unconditionally to ensure this value remains updated should this occur.

While we're here, eliminate this entire class of bug by simply setting const curr_[start/end] to be clamped to the input range and VMAs, which also happens to simplify the logic.

Source: NVD

Related Linux Debian vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-27456	MEDIUM	4.7	Linux Debian	util-linux	No	Yes	Apr 03, 2026
CVE-2026-2625	MEDIUM	4	Linux Debian	rust-rpm-sequoia	No	No	Apr 03, 2026
CVE-2026-3184	LOW	3.7	Linux Debian	libfdisk1	No	Yes	Apr 03, 2026
CVE-2026-31404	N/A	N/A	Linux Kernel	kernel-debug-devel-matched	No	Yes	Apr 03, 2026
CVE-2026-31403	N/A	N/A	Linux Kernel	kernel	No	Yes	Apr 03, 2026