CVE Catalog

CVE-2026-53236

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

In the Linux kernel, a patch restricts the use of SO_ATTACH_FILTER (cBPF) on TCP sockets to users with CAP_NET_ADMIN capability. This prevents side-channel attacks where an unprivileged application could leak TCP sequence numbers.

Risk Assessment

The organization is at risk of leaking sensitive TCP connection data, potentially enabling session hijacking or network traffic eavesdropping by a local unprivileged attacker.

Recommendation

Immediately update the Linux kernel to a version containing this patch. If an update is not possible, consider restricting TCP socket access for unprivileged users.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SO_ATTACH_FILTER to priv users This patch restricts the use of SO_ATTACH_FILTER (cBPF) on TCP sockets to users with CAP_NET_ADMIN capability. This blocks potential side-channel attack where an unprivileged application attaches a filter to leak TCP sequence/acknowledgment numbers.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS