CVE-2026-53074
ANALYSIS PENDINGbpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb bpf_prog_test_run_skb() calls eth_type_trans() first and then uses skb->protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access ip_hdr(skb) or ipv6_hdr(skb) even when the provided test input only contains an Ethernet header. Reject the input earlier if the Ethernet frame carries IPv4/IPv6 EtherType but the L3 header is too short. Fold the IPv4/IPv6 header length checks into the existing protocol switch and return -EINVAL before accessing the network headers.
References (8)
Core 8
Core References
Scores
EPSS
0.0016
EPSS Percentile
6.0%
Details
Status
published
Products (25)
linux/Kernel
5.11.0 - 5.15.209linux
linux/Kernel
5.16.0 - 6.1.175linux
linux/Kernel
5.9.0 - 5.10.258linux
linux/Kernel
6.13.0 - 6.18.33linux
linux/Kernel
6.19.0 - 7.0.10linux
linux/Kernel
6.2.0 - 6.6.141linux
linux/Kernel
6.7.0 - 6.12.91linux
Linux/Linux
< 5.9
Linux/Linux
5.10.258 - 5.10.*
Linux/Linux
5.15.209 - 5.15.*
... and 15 more
Published
Jun 24, 2026
Tracked Since
Jun 24, 2026