From bf638566f0cc749fa8468f9b1887695502747daf Mon Sep 17 00:00:00 2001
From: amitU <imamit314@gmail.com>
Date: Thu, 19 Mar 2026 11:21:58 -0400
Subject: [PATCH] Triage for CVE-2026-23243 && CVE-2026-23269

---
 vulns/CVE-2026-23243.yml | 8 ++++++++
 vulns/CVE-2026-23269.yml | 8 ++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 vulns/CVE-2026-23243.yml
 create mode 100644 vulns/CVE-2026-23269.yml

diff --git a/vulns/CVE-2026-23243.yml b/vulns/CVE-2026-23243.yml
new file mode 100644
index 0000000..1373726
--- /dev/null
+++ b/vulns/CVE-2026-23243.yml
@@ -0,0 +1,8 @@
+reachability: local
+memory_corruption: true
+bug_class: out of bound write
+impact: crash, possible code execution, data leak
+privileges_required: true
+notes: User controlled data length that if negative results in exceeding segment size causing out of bound write. CONFIG_INFINIBAND_USER_MAD needs to be enabled for exploitation 
+author: Microsoft
+version: 0.1
\ No newline at end of file
diff --git a/vulns/CVE-2026-23269.yml b/vulns/CVE-2026-23269.yml
new file mode 100644
index 0000000..b375cec
--- /dev/null
+++ b/vulns/CVE-2026-23269.yml
@@ -0,0 +1,8 @@
+reachability: local
+memory_corruption: true
+bug_class: out of bound read
+impact:  crash, data leak
+privileges_required: true
+notes: User controlled data can affect DFA state tables index causing out of bound write if the start state exceeds the number of states in the DFA. CONFIG_SECURITY_APPARMOR  needs to be enabled for exploitation 
+author: Microsoft
+version: 0.1
\ No newline at end of file