CVE-2026-53074

ANALYSIS PENDING

bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb bpf_prog_test_run_skb() calls eth_type_trans() first and then uses skb->protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access ip_hdr(skb) or ipv6_hdr(skb) even when the provided test input only contains an Ethernet header. Reject the input earlier if the Ethernet frame carries IPv4/IPv6 EtherType but the L3 header is too short. Fold the IPv4/IPv6 header length checks into the existing protocol switch and return -EINVAL before accessing the network headers.

Scores

EPSS 0.0016
EPSS Percentile 6.0%

Details

Status published
Products (25)
linux/Kernel 5.11.0 - 5.15.209linux
linux/Kernel 5.16.0 - 6.1.175linux
linux/Kernel 5.9.0 - 5.10.258linux
linux/Kernel 6.13.0 - 6.18.33linux
linux/Kernel 6.19.0 - 7.0.10linux
linux/Kernel 6.2.0 - 6.6.141linux
linux/Kernel 6.7.0 - 6.12.91linux
Linux/Linux < 5.9
Linux/Linux 5.10.258 - 5.10.*
Linux/Linux 5.15.209 - 5.15.*
... and 15 more
Published Jun 24, 2026
Tracked Since Jun 24, 2026