CVE-2026-23048

UNKNOWN 0.0

udp: call skb_orphan() before skb_attempt_defer_free()

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive path does not use skb->destructor. But skmsg layer does use it, since it calls skb_set_owner_sk_safe() from udp_read_skb(). This then triggers this warning in skb_attempt_defer_free(): DEBUG_NET_WARN_ON_ONCE(skb->destructor); We must call skb_orphan() to fix this issue.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Feb 4, 2026
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

6471658dc66c670580a7616e75f51b52917e7883 < 0c63d5683eae6a7b4d81382bcbecb2a19feff90d 6471658dc66c670580a7616e75f51b52917e7883 < e5c8eda39a9fc1547d1398d707aa06c1d080abdd

Linux / Linux

6.18

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/0c63d5683eae6a7b4d81382bcbecb2a19feff90d git.kernel.org: https://git.kernel.org/stable/c/e5c8eda39a9fc1547d1398d707aa06c1d080abdd