Description
In the Linux kernel, the following vulnerability has been resolved:

fou: Don't allow 0 for FOU_ATTR_IPPROTO.

fou_udp_recv() has the same problem mentioned in the previous
patch.

If FOU_ATTR_IPPROTO is set to 0, skb is not freed by
fou_udp_recv() nor "resubmit"-ted in ip_protocol_deliver_rcu().

Let's forbid 0 for FOU_ATTR_IPPROTO.
Published: 2026-02-04
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via memory exhaustion
Action: Immediate Patch
AI Analysis

Impact

FOU_ATTR_IPPROTO is the netlink attribute that tells a FOU (Foo over UDP) receive port which inner IP protocol the decapsulated packet carries, and it must not be zero. When it is zero, fou_udp_recv() neither frees the received socket buffer (skb) nor hands it back for resubmission in ip_protocol_deliver_rcu(), so the buffer is simply lost. Every such packet leaks kernel memory, and the leak accumulates until system memory is exhausted, ultimately destabilizing the kernel or halting further packet processing. The vulnerability is a classic case of resource mismanagement leading to denial of service. The description provides no exploit code, but an actor able to deliver packets to a FOU port configured with FOU_ATTR_IPPROTO set to zero could trigger the leak.
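A constructed model, added here and not taken from the kernel or from the CVE record, of the return-value convention the description relies on: a protocol handler returns 0 to say it consumed the skb and a negative value to have ip_protocol_deliver_rcu() resubmit the packet as protocol -ret, so a FOU port configured with FOU_ATTR_IPPROTO 0 returns 0 without ever freeing the buffer. The struct, handler table and fou_ipproto_valid() are simplifications of my own, not kernel code.

```c
/* Constructed model (not kernel code) of the handler return-value convention in
 * ip_protocol_deliver_rcu() and why a FOU port configured with ipproto 0 leaks skbs. */
#include <stdbool.h>

#define IPPROTO_IPIP  4
#define IPPROTO_UDP  17
#define MAX_PROTO   256

struct skb {
    int protocol;   /* protocol field of the outer IP header */
    bool freed;     /* set once a handler (or kfree_skb) takes ownership */
};
/* Kernel convention: 0 = handler consumed the skb, <0 = resubmit as protocol -ret. */
typedef int (*handler_t)(struct skb *);
static int fou_ipproto;   /* FOU_ATTR_IPPROTO value configured for the modelled port */

/* Inner-protocol handler: owns the skb and frees it. */
static int ipip_rcv(struct skb *skb) { skb->freed = true; return 0; }
/* fou_udp_recv() strips the UDP header and asks IP to resubmit the inner packet by
 * returning -protocol. With protocol 0 the return is 0, indistinguishable from "consumed". */
static int fou_udp_recv(struct skb *skb) { (void)skb; return -fou_ipproto; }
static handler_t handlers[MAX_PROTO] = {
    [IPPROTO_IPIP] = ipip_rcv,
    [IPPROTO_UDP]  = fou_udp_recv,   /* UDP's encap_rcv hook to FOU, simplified */
};

/* Deliver like ip_protocol_deliver_rcu(). Returns true if the skb was freed by
 * someone, false if nobody owns it any more (the leak). */
bool ip_protocol_deliver(struct skb *skb)
{
    int protocol = skb->protocol;
    for (;;) {
        handler_t h = handlers[protocol];
        if (!h) { skb->freed = true; return true; }  /* no handler: kfree_skb() */
        int ret = h(skb);
        if (ret < 0) { protocol = -ret; continue; }   /* resubmit to inner protocol */
        return skb->freed;                            /* ret == 0: assumed consumed */
    }
}

/* Receive one UDP datagram on a FOU port configured with `ipproto`. */
bool fou_rx_accounted(int ipproto)
{
    struct skb skb = { .protocol = IPPROTO_UDP, .freed = false };
    fou_ipproto = ipproto;
    return ip_protocol_deliver(&skb);
}

/* The fix in spirit: reject 0 when the port is configured (FOU_ATTR_IPPROTO is a u8). */
bool fou_ipproto_valid(unsigned int ipproto) { return ipproto != 0 && ipproto < MAX_PROTO; }
```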

Affected Systems

Affected systems are Linux kernel builds from 6.19 RC1 through RC6, as indicated by the CPE list, and any kernel that contains the vulnerable fou_udp_recv implementation. The flaw is present in every Linux kernel that ships the fou module without the applied patch. If a system is running 6.19 or later but has not yet incorporated the fix, it remains affected.

Risk and Exploitability

The CVSS score of 7.8 classifies the issue as high severity, while the EPSS score of less than 1% indicates a very low probability of exploitation at the time of analysis. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack likely requires the attacker to be able to craft or influence FOU packets, which could be possible from external network traffic or local privileged contexts. Because the flaw leads to kernel memory exhaustion, the impact is severe, but the likelihood of an attacker successfully triggering it remains low without further conditions.

Generated by OpenCVE AI on April 17, 2026 at 23:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a patched version that enforces non‑zero FOU_ATTR_IPPROTO values (kernel 6.19 RC7 or newer).
  • Disable the fou module or remove FOU support from the kernel configuration if the feature is not necessary for your environment.
  • Implement network filtering rules to block or limit traffic that may use the fou protocol with invalid attributes, such as restricting AF_PACKET traffic to trusted sources.

Advisories
Source       ID           Title
Debian DLA   DLA-4475-1   linux security update
Debian DLA   DLA-4476-1   linux-6.1 security update
Debian DSA   DSA-6126-1   linux security update
Debian DSA   DSA-6127-1   linux security update
Ubuntu USN   USN-8162-1   Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN   USN-8180-1   Linux kernel vulnerabilities
Ubuntu USN   USN-8180-2   Linux kernel (FIPS) vulnerabilities
Ubuntu USN   USN-8186-1   Linux kernel (Real-time) vulnerabilities
Ubuntu USN   USN-8187-1   Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN   USN-8188-1   Linux kernel (HWE) vulnerabilities

History

Sat, 18 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-399
CWE-401

Wed, 18 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 06 Feb 2026 17:00:00 +0000


Thu, 05 Feb 2026 00:15:00 +0000


Wed, 04 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOU_ATTR_IPPROTO. fou_udp_recv() has the same problem mentioned in the previous patch. If FOU_ATTR_IPPROTO is set to 0, skb is not freed by fou_udp_recv() nor "resubmit"-ted in ip_protocol_deliver_rcu(). Let's forbid 0 for FOU_ATTR_IPPROTO.
Title fou: Don't allow 0 for FOU_ATTR_IPPROTO.
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:38:23.034Z

Reserved: 2026-01-13T15:37:45.960Z

Link: CVE-2026-23083

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-02-04T17:16:19.163

Modified: 2026-03-18T13:40:23.277

Link: CVE-2026-23083

Redhat

Severity:

Public Date: 2026-02-04T00:00:00Z

Links: CVE-2026-23083 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T23:45:25Z