CVE-2026-53074
UnknownSummary
A vulnerability has been identified in the Linux kernel related to the bpf_prog_test_run_skb function. The issue is that this function may access IP headers even when the provided test input only contains an Ethernet header.
Risk Assessment
Exploitation of this vulnerability could allow an attacker to introduce invalid data, potentially leading to unexpected system behavior or crashes.
Recommendation
It is recommended to update the Linux kernel to the latest version where this vulnerability has been resolved. Additionally, monitor system logs for potential attempts to exploit this flaw.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb bpf_prog_test_run_skb() calls eth_type_trans() first and then uses skb->protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access ip_hdr(skb) or ipv6_hdr(skb) even when the provided test input only contains an Ethernet header. Reject the input earlier if the Ethernet frame carries IPv4/IPv6 EtherType but the L3 header is too short. Fold the IPv4/IPv6 header length checks into the existing protocol switch and return -EINVAL before accessing the network headers.

