bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb

Summary

CVE	CVE-2026-53074
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-06-24 17:17:21 UTC
Updated	2026-06-24 17:17:21 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb bpf_prog_test_run_skb() calls eth_type_trans() first and then uses skb->protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access ip_hdr(skb) or ipv6_hdr(skb) even when the provided test input only contains an Ethernet header. Reject the input earlier if the Ethernet frame carries IPv4/IPv6 EtherType but the L3 header is too short. Fold the IPv4/IPv6 header length checks into the existing protocol switch and return -EINVAL before accessing the network headers.

Risk And Classification

EPSS: 0.001640000 probability, percentile 0.059630000 (date 2026-06-25)

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected fa5cb548ced61b9d3095f32f8a7e427a248c65ee 7254267799d083280c0e53effc101a33add95f7b git	Not specified
CNA	Linux	Linux	affected fa5cb548ced61b9d3095f32f8a7e427a248c65ee 6a9f38d5ff11e00bc54baab752642978805e81eb git	Not specified
CNA	Linux	Linux	affected fa5cb548ced61b9d3095f32f8a7e427a248c65ee e6aa481f21fc7a41ed344767ea25aae9d03fae71 git	Not specified
CNA	Linux	Linux	affected fa5cb548ced61b9d3095f32f8a7e427a248c65ee 0a04db240effd85773f66244645a28cedddb72d2 git	Not specified
CNA	Linux	Linux	affected fa5cb548ced61b9d3095f32f8a7e427a248c65ee 1f882c492d46f90bdb36f4936876c88c28dab21c git	Not specified
CNA	Linux	Linux	affected fa5cb548ced61b9d3095f32f8a7e427a248c65ee 8042240412de3222d27b31e89d29336961cad9e4 git	Not specified
CNA	Linux	Linux	affected fa5cb548ced61b9d3095f32f8a7e427a248c65ee 6def5fe753cbe5b279ee5fd10327b2611cbddaca git	Not specified
CNA	Linux	Linux	affected fa5cb548ced61b9d3095f32f8a7e427a248c65ee 12bec2bd4b76d81c5d3996bd14ec1b7f4d983747 git	Not specified
CNA	Linux	Linux	affected 5.9	Not specified
CNA	Linux	Linux	unaffected 5.9 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.258 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.209 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.175 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.141 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.91 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.33 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0.10 7.0.* semver	Not specified
CNA	Linux	Linux	unaffected 7.1 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/1f882c492d46f90bdb36f4936876c88c28dab21c	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/12bec2bd4b76d81c5d3996bd14ec1b7f4d983747	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/8042240412de3222d27b31e89d29336961cad9e4	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/6def5fe753cbe5b279ee5fd10327b2611cbddaca	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/e6aa481f21fc7a41ed344767ea25aae9d03fae71	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/0a04db240effd85773f66244645a28cedddb72d2	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/6a9f38d5ff11e00bc54baab752642978805e81eb	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/7254267799d083280c0e53effc101a33add95f7b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.