DEBIAN-CVE-2026-23359

In the Linux kernel, the following vulnerability has been resolved:  bpf: Fix stack-out-of-bounds write in devmap  getupperifindexes() iterates over all upper devices and writes their indices into an array without checking bounds.  Also the callers assume that the max number of upper devices is MAXNESTDEV and allocate excludeddevices[1+MAXNESTDEV] on the stack, but that assumption is not correct and the number of upper devices could be larger than MAXNESTDEV (e.g., many macvlans), causing a stack-out-of-bounds write.  Add a max parameter to getupperifindexes() to avoid the issue. When there are too many upper devices, return -EOVERFLOW and abort the redirect.  To reproduce, create more than MAXNESTDEV(8) macvlans on a device with an XDP program attached using BPFFBROADCAST | BPFFEXCLUDEINGRESS. Then send a packet to the device to trigger the XDP redirect path.