Description
In the Linux kernel, the following vulnerability has been resolved:

arp: do not assume dev_hard_header() does not change skb->head

arp_create() is the only dev_hard_header() caller
making assumption about skb->head being unchanged.

A recent commit broke this assumption.

Initialize @arp pointer after dev_hard_header() call.
Published: 2026-01-23
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Kernel
AI Analysis

Impact

In the Linux kernel, a recent change made dev_hard_header() modify the skb->head pointer, breaking the assumption in arp_create() that the head would be unchanged. The likely impact is that handling of ARP packets could corrupt kernel memory and trigger a crash, leading to a denial of service. Based on the description, it is inferred that attackers would need local kernel privileges to supply crafted ARP traffic to trigger the fault.
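The pointer-ordering problem described above, modelled in user space as an added example (not kernel code and not part of the original record): `struct pkt`, `push_header()` and `build_frame()` are hypothetical stand-ins for the skb, dev_hard_header() and arp_create(), and the sizes are constructed. `build_frame()` uses the fixed ordering, deriving the payload pointer only after the header call, which may reallocate the buffer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 14  /* constructed link-layer header size */
#define ARP_LEN 28  /* constructed payload size */

/* Toy model of an skb: head is the allocation, data = head + headroom. */
struct pkt { unsigned char *head; size_t headroom, len; };

static unsigned char *pkt_data(struct pkt *p) { return p->head + p->headroom; }

/* Hypothetical stand-in for a header-building call that may reallocate
 * head when the packet does not have enough headroom. */
static int push_header(struct pkt *p, const unsigned char *hdr, size_t hlen)
{
    if (p->headroom < hlen) {
        unsigned char *nh = malloc(hlen + p->len);
        if (!nh) return -1;
        memcpy(nh + hlen, pkt_data(p), p->len);
        free(p->head);          /* pointers into the old head now dangle */
        p->head = nh;
        p->headroom = hlen;
    }
    p->headroom -= hlen;
    p->len += hlen;
    memcpy(pkt_data(p), hdr, hlen);
    return 0;
}

/* Fixed ordering: the payload pointer is derived only after push_header().
 * Returns 1 if head was reallocated, 0 if not, -1 on error or a bad frame. */
int build_frame(size_t headroom)
{
    unsigned char hdr[HDR_LEN];
    struct pkt p = { calloc(1, headroom + ARP_LEN), headroom, ARP_LEN };
    if (!p.head) return -1;
    memset(hdr, 0xEE, sizeof hdr);
    uintptr_t old_head = (uintptr_t)p.head;
    /* The broken pattern caches `arp = pkt_data(&p)` here, before the call. */
    if (push_header(&p, hdr, HDR_LEN) < 0) { free(p.head); return -1; }
    unsigned char *arp = pkt_data(&p) + HDR_LEN;  /* valid: computed after */
    memset(arp, 0xA5, ARP_LEN);
    int ok = pkt_data(&p)[0] == 0xEE && arp[ARP_LEN - 1] == 0xA5
             && p.len == HDR_LEN + ARP_LEN;
    int moved = (uintptr_t)p.head != old_head;
    free(p.head);
    return ok ? moved : -1;
}
```

With no headroom the buffer is reallocated and a pointer cached before the call would refer to freed memory; with enough headroom the head stays put, which is why the old ordering appeared to work.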

Affected Systems

Linux kernel releases 6.1.160, 6.6.120, 6.19-rc4, and other 6.x versions that have not yet adopted the fix are affected. Any distribution embedding the upstream kernel without the patch remains vulnerable.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.5, indicating moderate severity, and an EPSS score below 1%, suggesting a low likelihood of exploitation. It is not listed in the CISA KEV catalog. The risk is primarily local; a user with the ability to send ARP traffic can force a kernel crash, interrupting services. No public exploit is known, but the potential for memory corruption means the issue should be remediated promptly.

Generated by OpenCVE AI on April 18, 2026 at 18:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest stable kernel update that includes the security fix
  • Reboot the system to load the applied kernel
  • Test ARP handling by sending traffic and reviewing system logs for related errors

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 19:00:00 +0000

Type | Values Removed | Values Added
Weaknesses | | NVD-CWE-noinfo
CPEs | | cpe:2.3:o:linux:linux_kernel:6.1.160:*:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:6.6.120:*:*:*:*:*:*:*
Metrics | cvssV3_1 {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'} | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Sat, 24 Jan 2026 00:15:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | threat_severity None | cvssV3_1 {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}
 | | threat_severity Moderate


Fri, 23 Jan 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: arp: do not assume dev_hard_header() does not change skb->head arp_create() is the only dev_hard_header() caller making assumption about skb->head being unchanged. A recent commit broke this assumption. Initialize @arp pointer after dev_hard_header() call.
Title | | arp: do not assume dev_hard_header() does not change skb->head
First Time appeared | | Linux
 | | Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux
 | | Linux linux Kernel
References | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:36:38.938Z

Reserved: 2026-01-13T15:37:45.937Z

Link: CVE-2026-22988

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-01-23T16:15:54.860

Modified: 2026-02-26T18:51:21.247

Link: CVE-2026-22988

Redhat

Severity: Moderate

Public Date: 2026-01-23T00:00:00Z

Links: CVE-2026-22988 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T19:00:08Z

Weaknesses