CVE ID : CVE-2026-23209<\/p>\n
Published : Feb. 14, 2026, 5:15 p.m. | 1\u00a0hour, 14\u00a0minutes ago<\/p>\n
Description : In the Linux kernel, the following vulnerability has been resolved:<\/p>\n
macvlan: fix error recovery in macvlan_common_newlink()<\/p>\n
valis provided a nice repro to crash the kernel:<\/p>\n
ip link add p1 type veth peer p2
\nip link set address 00:00:00:00:00:20 dev p1
\nip link set up dev p1
\nip link set up dev p2<\/p>\n
ip link add mv0 link p2 type macvlan mode source
\nip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20<\/p>\n
ping -c1 -I p1 1.2.3.4<\/p>\n
He also gave a very detailed analysis:<\/p>\n
The issue is triggered when a new macvlan link is created with
\nMACVLAN_MODE_SOURCE mode and MACVLAN_MACADDR_ADD (or
\nMACVLAN_MACADDR_SET) parameter, lower device already has a macvlan
\nport and register_netdevice() called from macvlan_common_newlink()
\nfails (e.g. because of the invalid link name).<\/p>\n
In this case macvlan_hash_add_source is called from
\nmacvlan_change_sources() \/ macvlan_common_newlink():<\/p>\n
This adds a reference to vlan to the port’s vlan_source_hash using
\nmacvlan_source_entry.<\/p>\n
vlan is a pointer to the priv data of the link that is being created.<\/p>\n
When register_netdevice() fails, the error is returned from
\nmacvlan_newlink() to rtnl_newlink_create():<\/p>\n
if (ops->newlink)
\n err = ops->newlink(dev, ¶ms, extack);
\n else
\n err = register_netdevice(dev);
\n if (err <\/p>\n
With all that, my fix is to make sure we call macvlan_flush_sources()
\nregardless of @create value whenever “goto destroy_macvlan_port;”
\npath is taken.<\/p>\n
Many thanks to valis for following up on this issue.<\/p>\n
Severity: 0.0 | NA<\/p>\n
Visit the link for more details, such as CVSS details, affected products, timeline, and more…\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"
CVE ID : CVE-2026-23209 Published : Feb. 14, 2026, 5:15 p.m. | 1\u00a0hour, 14\u00a0minutes ago Description : In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-77155","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/77155","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=77155"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/77155\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=77155"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=77155"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=77155"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}