Skip to content

Triage for CVE-2026-23243 && CVE-2026-23269 #78

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
amitu314 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Triage for CVE-2026-23243 && CVE-2026-23269 #78

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions vulns/CVE-2026-23243.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
reachability: local
memory_corruption: true
bug_class: out of bound write
impact: crash, possible code execution, data leak
privileges_required: true
notes: User controlled data length that if negative results in exceeding segment size causing out of bound write. CONFIG_INFINIBAND_USER_MAD needs to be enabled for exploitation
author: Microsoft
version: 0.1
8 changes: 8 additions & 0 deletions vulns/CVE-2026-23269.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
reachability: local
memory_corruption: true
bug_class: out of bound read
impact: crash, data leak
privileges_required: true
notes: User controlled data can affect DFA state tables index causing out of bound write if the start state exceeds the number of states in the DFA. CONFIG_SECURITY_APPARMOR needs to be enabled for exploitation
author: Microsoft
version: 0.1