What is CVE-2026-23416?

CVE-2026-23416 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, affecting Linux kernel versions from 6.17 onward and patched in 6.18.21, 6.19.11 and 7.0. CVE-2026-23416 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-23416?

CVE-2026-23416 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2026-23416?

Yes, CVE-2026-23416 has been patched. Fixed versions include 6.18.21, 6.19.11 and 7.0. If you are running Linux kernel 6.17 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-23416 actively exploited?

CVE-2026-23416 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-23416

Medium

In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correctly on merge Previously we stored the end of the current VMA in curr_end, and then upon iterating to the next VMA updated curr_start to curr_end to advance to the next VMA. However, this doesn't take into account the fact that a VMA might be updated due to a merge by vma_modify_flags(), which can result in curr_end being stale and thus, upon setting curr_start to curr_end, ending up with an incorrect curr_start on the next iteration. Resolve the issue by setting curr_end to vma->vm_end unconditionally to ensure this value remains updated should this occur. While we're here, eliminate this entire class of bug by simply setting const curr_[start/end] to be clamped to the input range and VMAs, which also happens to simplify the logic.

Package Linux Kernel

Published 2026-04-02

Last modified 2026-04-24

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected versions

Linux kernel versions 6.17 and later are affected. Fixed in 6.18.21, 6.19.11, 7.0 and their respective stable series.

Affected from

≥ 6.17

Fixed in

✓ 6.18.21 6.18.x ✓ 6.19.11 6.19.x ✓ 7.0

References

The following references provide additional information about CVE-2026-23416 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/2697dd8ae721db4f6a53d4f4cbd438212a80f8dc
Patch
Kernel patch commit
https://git.kernel.org/stable/c/40b3f4700e5535fbe74738cebb9379a40ec66bed
Patch
Kernel patch commit
https://git.kernel.org/stable/c/83737e34b83a23b2a9bcf586b058b2c2a54c7c6b
Patch

Details

CVE ID CVE-2026-23416

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2026-04-02

Modified 2026-04-24

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2026-23416?

CVE-2026-23416 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . It affects Linux kernel versions from 6.17 onward and has been patched in 6.18.21, 6.19.11 and 7.0. CVE-2026-23416 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2026-23416?

CVE-2026-23416 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2026-23416?

Yes — CVE-2026-23416 has been patched. Fixed versions include 6.18.21, 6.19.11 and 7.0. If you are running Linux kernel 6.17 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-23416 actively exploited?

No — CVE-2026-23416 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.