CVE-2026-53236
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
In the Linux kernel, a patch restricts the use of SO_ATTACH_FILTER (cBPF) on TCP sockets to users with CAP_NET_ADMIN capability. This prevents side-channel attacks where an unprivileged application could leak TCP sequence numbers.
Risk Assessment
The organization is at risk of leaking sensitive TCP connection data, potentially enabling session hijacking or network traffic eavesdropping by a local unprivileged attacker.
Recommendation
Immediately update the Linux kernel to a version containing this patch. If an update is not possible, consider restricting TCP socket access for unprivileged users.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SO_ATTACH_FILTER to priv users This patch restricts the use of SO_ATTACH_FILTER (cBPF) on TCP sockets to users with CAP_NET_ADMIN capability. This blocks potential side-channel attack where an unprivileged application attaches a filter to leak TCP sequence/acknowledgment numbers.

