CVE Catalog

CVE-2026-53221

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.56%

42th percentile — higher than 42% of all known CVEs

Summary

In the Linux kernel, a bug was found in the vti6_tnl_lookup() function causing incorrect tunnel matching for IP6_VTI. During wildcard tunnel fallback search, missing checks allowed hash collisions to match tunnels without actual wildcard addresses.

Risk Assessment

The risk involves potential misrouting of network traffic to an incorrect tunnel, which could lead to data integrity violations, information leaks, or man-in-the-middle attacks.

Recommendation

Immediately update the Linux kernel to a version containing the fix for CVE-2026-53221. Monitor official security advisories from your Linux distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() In vti6_tnl_lookup(), when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels: - Tunnels matching the packet's local address, with any remote address wildcard remote). - Tunnels matching the packet's remote address, with any local address (wildcard local). However, vti6 stores all these different types of tunnels in the same hash table (ip6n->tnls_r_l) prone to hash collisions. The bug is that the fallback search loops in vti6_tnl_lookup() were missing checks to ensure that the candidate tunnel actually has a wildcard address.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS