CVE-2026-23459:
Linux Debian vulnerability analysis and mitigation

In the Linux kernel, the following vulnerability has been resolved:

ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS

Blamed commits forgot that vxlan/geneve use udp_tunnel[6]_xmit_skb() which call iptunnel_xmit_stats().

iptunnel_xmit_stats() was assuming tunnels were only using NETDEV_PCPU_STAT_TSTATS.

@syncp offset in pcpu_sw_netstats and pcpu_dstats is different.

32bit kernels would either have corruptions or freezes if the syncp sequence was overwritten.

This patch also moves pcpu_stat_type closer to dev->{t,d}stats to avoid a potential cache line miss since iptunnel_xmit_stats() needs to read it.

Source: NVD

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Published April 3, 2026

CNA Score N/A

Affected Technologies

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 6.5

Exploitation Probability (EPSS) N/A

Affected packages and libraries

Sources

NVD
Debian Security Tracker
- Debian 14 Has FixAdded at: Apr 05, 2026
Ubuntu Security Tracker
- Ubuntu 16.04, 18.04, 20.04 Severity MEDIUMNo FixAdded at: Apr 07, 2026
- Ubuntu 24.04, 25.10 Severity MEDIUMNo FixAdded at: Apr 09, 2026

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-41445	HIGH	8.7	Linux Debian	kissfft	No	No	Apr 20, 2026
CVE-2026-28684	MEDIUM	6.6	Linux Debian	python-dotenv	No	No	Apr 20, 2026
CVE-2026-6654	MEDIUM	5.1	Rust	thin-vec	No	Yes	Apr 20, 2026
CVE-2026-3219	MEDIUM	4.6	Linux Debian	python-pip	No	No	Apr 20, 2026
CVE-2026-5958	LOW	2.1	Linux Debian	sed	No	No	Apr 20, 2026