CVE-2026-53238
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
A vulnerability was found in the Linux kernel's netlabel subsystem. The netlbl_unlabel_addrinfo_get() function did not validate the length of the mask attribute for unlabeled addresses, allowing a crafted Generic Netlink request with a valid IPv4/IPv6 address but a shorter mask. This caused incomplete data to be read as a full address structure, potentially leading to incorrect behavior or security issues.
Risk Assessment
The organization faces the risk of incorrect processing of network labeling rules, which could allow an attacker to manipulate security policies or bypass IP-based access controls.
Recommendation
Immediately update the Linux kernel to a version containing the fix that enforces strict validation of mask attribute lengths using NLA_POLICY_EXACT_LEN(). Apply the patch from official distribution repositories.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlbl_unlabel_addrinfo_get() used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independently validate the corresponding mask attribute length. A crafted Generic Netlink request could therefore provide a valid IPv4/IPv6 address attribute with a shorter mask attribute, which would later be read as a full struct in_addr or struct in6_addr. NLA_BINARY policy lengths are maximum lengths by default, so use NLA_POLICY_EXACT_LEN() for the unlabeled IPv4/IPv6 address and mask attributes. This rejects short attributes during policy validation and also exposes the exact length requirements through policy introspection.

