CVE-2026-53074 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb bpf_prog_test_run_skb() calls eth_type_trans() first and then uses skb->protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access ip_hdr(skb) or ipv6_hdr(skb) even when the provided test input only contains an Ethernet header. Reject the input earlier if the Ethernet frame carries IPv4/IPv6 EtherType but the L3 header is too short. Fold the IPv4/IPv6 header length checks into the existing protocol switch and return -EINVAL before accessing the network headers.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0a04db240effd85773f66244645a28cedddb72d2
https://git.kernel.org/stable/c/12bec2bd4b76d81c5d3996bd14ec1b7f4d983747
https://git.kernel.org/stable/c/1f882c492d46f90bdb36f4936876c88c28dab21c
https://git.kernel.org/stable/c/6a9f38d5ff11e00bc54baab752642978805e81eb
https://git.kernel.org/stable/c/6def5fe753cbe5b279ee5fd10327b2611cbddaca
https://git.kernel.org/stable/c/7254267799d083280c0e53effc101a33add95f7b
https://git.kernel.org/stable/c/8042240412de3222d27b31e89d29336961cad9e4
https://git.kernel.org/stable/c/e6aa481f21fc7a41ed344767ea25aae9d03fae71

History

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb bpf_prog_test_run_skb() calls eth_type_trans() first and then uses skb->protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access ip_hdr(skb) or ipv6_hdr(skb) even when the provided test input only contains an Ethernet header. Reject the input earlier if the Ethernet frame carries IPv4/IPv6 EtherType but the L3 header is too short. Fold the IPv4/IPv6 header length checks into the existing protocol switch and return -EINVAL before accessing the network headers.
Title		bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0a04db240effd85773f66244645a28cedddb72d2 https://git.kernel.org/stable/c/12bec2bd4b76d81c5d3996bd14ec1b7f4d983747 https://git.kernel.org/stable/c/1f882c492d46f90bdb36f4936876c88c28dab21c https://git.kernel.org/stable/c/6a9f38d5ff11e00bc54baab752642978805e81eb https://git.kernel.org/stable/c/6def5fe753cbe5b279ee5fd10327b2611cbddaca https://git.kernel.org/stable/c/7254267799d083280c0e53effc101a33add95f7b https://git.kernel.org/stable/c/8042240412de3222d27b31e89d29336961cad9e4 https://git.kernel.org/stable/c/e6aa481f21fc7a41ed344767ea25aae9d03fae71

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:30:15.337Z

Updated: 2026-06-24T16:30:15.337Z

Reserved: 2026-06-09T07:44:35.383Z

Link: CVE-2026-53074

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object