CVE-2026-23416

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm/mseal: update VMA end correctly on merge<br /> <br /> Previously we stored the end of the current VMA in curr_end, and then upon<br /> iterating to the next VMA updated curr_start to curr_end to advance to the<br /> next VMA.<br /> <br /> However, this doesn&amp;#39;t take into account the fact that a VMA might be<br /> updated due to a merge by vma_modify_flags(), which can result in curr_end<br /> being stale and thus, upon setting curr_start to curr_end, ending up with<br /> an incorrect curr_start on the next iteration.<br /> <br /> Resolve the issue by setting curr_end to vma-&gt;vm_end unconditionally to<br /> ensure this value remains updated should this occur.<br /> <br /> While we&amp;#39;re here, eliminate this entire class of bug by simply setting<br /> const curr_[start/end] to be clamped to the input range and VMAs, which<br /> also happens to simplify the logic.