CVE-2026-23048

{"id": "CVE-2026-23048", "cveTags": [], "metrics": {}, "published": "2026-02-04T16:16:20.343", "references": [{"url": "https://git.kernel.org/stable/c/0c63d5683eae6a7b4d81382bcbecb2a19feff90d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e5c8eda39a9fc1547d1398d707aa06c1d080abdd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: call skb_orphan() before skb_attempt_defer_free()\n\nStandard UDP receive path does not use skb->destructor.\n\nBut skmsg layer does use it, since it calls skb_set_owner_sk_safe()\nfrom udp_read_skb().\n\nThis then triggers this warning in skb_attempt_defer_free():\n\n DEBUG_NET_WARN_ON_ONCE(skb->destructor);\n\nWe must call skb_orphan() to fix this issue."}], "lastModified": "2026-02-04T16:33:44.537", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}