CVE-2026-23262
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/03/2026
Last modified:
19/03/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
gve: Fix stats report corruption on queue count change<br />
<br />
The driver and the NIC share a region in memory for stats reporting.<br />
The NIC calculates its offset into this region based on the total size<br />
of the stats region and the size of the NIC&#39;s stats.<br />
<br />
When the number of queues is changed, the driver&#39;s stats region is<br />
resized. If the queue count is increased, the NIC can write past<br />
the end of the allocated stats region, causing memory corruption.<br />
If the queue count is decreased, there is a gap between the driver<br />
and NIC stats, leading to incorrect stats reporting.<br />
<br />
This change fixes the issue by allocating stats region with maximum<br />
size, and the offset calculation for NIC stats is changed to match<br />
with the calculation of the NIC.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/11f8311f69e4c361717371b4901ff92daeb76e9c
- https://git.kernel.org/stable/c/7b9ebcce0296e104a0d82a6b09d68564806158ff
- https://git.kernel.org/stable/c/837c662f47dac43efa1aef2dd433c6b4b4c073af
- https://git.kernel.org/stable/c/9d93332397405b62a3300b22d04ac65d990b91ff
- https://git.kernel.org/stable/c/9fa0a755db3e1945fe00f73fe27d85ef6c8818b7
- https://git.kernel.org/stable/c/df54838ab61826ecc1a562ffa5e280c3ab7289a7
- https://git.kernel.org/stable/c/f432f7613c220db32c2c6942420daf7b3f2e7d7e