VYPR
Unrated severityNVD Advisory· Published Feb 4, 2026· Updated Apr 15, 2026

CVE-2026-23048

CVE-2026-23048

Description

In the Linux kernel, the following vulnerability has been resolved:

udp: call skb_orphan() before skb_attempt_defer_free()

Standard UDP receive path does not use skb->destructor.

But skmsg layer does use it, since it calls skb_set_owner_sk_safe() from udp_read_skb().

This then triggers this warning in skb_attempt_defer_free():

DEBUG_NET_WARN_ON_ONCE(skb->destructor);

We must call skb_orphan() to fix this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.