In the Linux kernel, the following vulnerability has been resolved:
iptunnel: adapt iptunnelxmitstats() to NETDEVPCPUSTATDSTATS
Blamed commits forgot that vxlan/geneve use udptunnel[6]xmitskb() which call iptunnelxmit_stats().
iptunnelxmitstats() was assuming tunnels were only using NETDEVPCPUSTAT_TSTATS.
@syncp offset in pcpuswnetstats and pcpu_dstats is different.
32bit kernels would either have corruptions or freezes if the syncp sequence was overwritten.
This patch also moves pcpustattype closer to dev->{t,d}stats to avoid a potential cache line miss since iptunnelxmitstats() needs to read it.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23459.json",
"cna_assigner": "Linux"
}