CVE-2026-23447

April 3, 2026, 4:16 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check The same bounds-check bug fixed for NDP16 in the previous patch also exists in cdc_ncm_rx_verify_ndp32(). The DPE array size is validated against the total skb length without accounting for ndpoffset, allowing out-of-bounds reads when the NDP32 is placed near the end of the NTB. Add ndpoffset to the nframes bounds check and use struct_size_t() to express the NDP-plus-DPE-array size more clearly. Compile-tested only.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • Cdc Ncm
  • *
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
a linux cdc_ncm / / / / / / / /

References

https://git.kernel.org/stable/c/125f932a76a97904ef8a555f1dd53e5d0e288c54
https://git.kernel.org/stable/c/77914255155e68a20aa41175edeecf8121dac391
https://git.kernel.org/stable/c/a5bd5a2710310c965ea4153cba4210988a3454e2
https://git.kernel.org/stable/c/af0d1613d6751489dbf9f69aac1123f0b1e566e5
https://git.kernel.org/stable/c/de70da1fb1d152e981ecb3157f7ec2b633005c16

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-04-03
CVE-2026-23447

Timeline

Published: April 3, 2026, 4:16 p.m.
Last Modified: April 3, 2026, 4:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.