{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23262", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.990Z", "datePublished": "2026-03-18T17:41:08.380Z", "dateUpdated": "2026-03-18T17:41:08.380Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-18T17:41:08.380Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Fix stats report corruption on queue count change\n\nThe driver and the NIC share a region in memory for stats reporting.\nThe NIC calculates its offset into this region based on the total size\nof the stats region and the size of the NIC's stats.\n\nWhen the number of queues is changed, the driver's stats region is\nresized. If the queue count is increased, the NIC can write past\nthe end of the allocated stats region, causing memory corruption.\nIf the queue count is decreased, there is a gap between the driver\nand NIC stats, leading to incorrect stats reporting.\n\nThis change fixes the issue by allocating stats region with maximum\nsize, and the offset calculation for NIC stats is changed to match\nwith the calculation of the NIC."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/google/gve/gve_ethtool.c", "drivers/net/ethernet/google/gve/gve_main.c"], "versions": [{"version": "24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c", "lessThan": "f432f7613c220db32c2c6942420daf7b3f2e7d7e", "status": "affected", "versionType": "git"}, {"version": "24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c", "lessThan": "9d93332397405b62a3300b22d04ac65d990b91ff", "status": "affected", "versionType": "git"}, {"version": "24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c", "lessThan": "837c662f47dac43efa1aef2dd433c6b4b4c073af", "status": "affected", "versionType": "git"}, {"version": "24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c", "lessThan": "df54838ab61826ecc1a562ffa5e280c3ab7289a7", "status": "affected", "versionType": "git"}, {"version": "24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c", "lessThan": "9fa0a755db3e1945fe00f73fe27d85ef6c8818b7", "status": "affected", "versionType": "git"}, {"version": "24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c", "lessThan": "11f8311f69e4c361717371b4901ff92daeb76e9c", "status": "affected", "versionType": "git"}, {"version": "24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c", "lessThan": "7b9ebcce0296e104a0d82a6b09d68564806158ff", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/google/gve/gve_ethtool.c", "drivers/net/ethernet/google/gve/gve_main.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.250", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.200", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.163", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.124", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.70", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.10", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "5.10.250"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "5.15.200"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.1.163"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.6.124"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.12.70"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.18.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f432f7613c220db32c2c6942420daf7b3f2e7d7e"}, {"url": "https://git.kernel.org/stable/c/9d93332397405b62a3300b22d04ac65d990b91ff"}, {"url": "https://git.kernel.org/stable/c/837c662f47dac43efa1aef2dd433c6b4b4c073af"}, {"url": "https://git.kernel.org/stable/c/df54838ab61826ecc1a562ffa5e280c3ab7289a7"}, {"url": "https://git.kernel.org/stable/c/9fa0a755db3e1945fe00f73fe27d85ef6c8818b7"}, {"url": "https://git.kernel.org/stable/c/11f8311f69e4c361717371b4901ff92daeb76e9c"}, {"url": "https://git.kernel.org/stable/c/7b9ebcce0296e104a0d82a6b09d68564806158ff"}], "title": "gve: Fix stats report corruption on queue count change", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Fix stats report corruption on queue count change\n\nThe driver and the NIC share a region in memory for stats reporting.\nThe NIC calculates its offset into this region based on the total size\nof the stats region and the size of the NIC's stats.\n\nWhen the number of queues is changed, the driver's stats region is\nresized. If the queue count is increased, the NIC can write past\nthe end of the allocated stats region, causing memory corruption.\nIf the queue count is decreased, there is a gap between the driver\nand NIC stats, leading to incorrect stats reporting.\n\nThis change fixes the issue by allocating stats region with maximum\nsize, and the offset calculation for NIC stats is changed to match\nwith the calculation of the NIC."}], "id": "CVE-2026-23262", "lastModified": "2026-03-18T18:16:24.770", "metrics": {}, "published": "2026-03-18T18:16:24.770", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/11f8311f69e4c361717371b4901ff92daeb76e9c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7b9ebcce0296e104a0d82a6b09d68564806158ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/837c662f47dac43efa1aef2dd433c6b4b4c073af"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9d93332397405b62a3300b22d04ac65d990b91ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9fa0a755db3e1945fe00f73fe27d85ef6c8818b7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/df54838ab61826ecc1a562ffa5e280c3ab7289a7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f432f7613c220db32c2c6942420daf7b3f2e7d7e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}