CVE-2026-23083
Published: 04 February 2026
Summary
CVE-2026-23083 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-23083 is a vulnerability in the Linux kernel's fou (Foo-over-UDP) component. The issue arises when FOU_ATTR_IPPROTO is set to 0, causing fou_udp_recv() to neither free the skb nor resubmit it in ip_protocol_deliver_rcu(). This flaw has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation enables high-impact disruption to confidentiality, integrity, and availability.
Mitigation involves applying kernel patches that forbid setting FOU_ATTR_IPPROTO to 0, as detailed in the referenced stable commits: https://git.kernel.org/stable/c/1cc98b8887cabb1808d2f4a37cd10a7be7574771, https://git.kernel.org/stable/c/611ef4bd9c73d9e6d87bed57a635ff1fdd8c91ea, https://git.kernel.org/stable/c/6e983789b7588ee59cbf303583546c043bad8e19, https://git.kernel.org/stable/c/7a9bc9e3f42391e4c187e099263cf7a1c4b69ff5, and https://git.kernel.org/stable/c/9b75dff8446ec871030d8daf5a69e74f5fe8b956.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5459
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOU_ATTR_IPPROTO. fou_udp_recv() has the same problem mentioned in the previous patch. If FOU_ATTR_IPPROTO is set to 0, skb is not freed by fou_udp_recv() nor "resubmit"-ted…
more
in ip_protocol_deliver_rcu(). Let's forbid 0 for FOU_ATTR_IPPROTO.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel vulnerability in FOU component allows low-privileged attacker to trigger skb mishandling leading to high-impact C/I/A compromise, directly enabling privilege escalation via kernel exploit.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely remediation via kernel patches directly resolves the FOU_ATTR_IPPROTO=0 flaw by forbidding invalid values and ensuring proper skb handling.
Requires validation of kernel inputs like FOU_ATTR_IPPROTO to block invalid values such as 0, preventing skb mishandling in fou_udp_recv().
Vulnerability scanning detects Linux kernel versions vulnerable to CVE-2026-23083, enabling targeted patching and mitigation.