CVE-2026-23048
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/02/2026
Last modified:
04/02/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
udp: call skb_orphan() before skb_attempt_defer_free()<br />
<br />
Standard UDP receive path does not use skb->destructor.<br />
<br />
But skmsg layer does use it, since it calls skb_set_owner_sk_safe()<br />
from udp_read_skb().<br />
<br />
This then triggers this warning in skb_attempt_defer_free():<br />
<br />
DEBUG_NET_WARN_ON_ONCE(skb->destructor);<br />
<br />
We must call skb_orphan() to fix this issue.