Description
In the Linux kernel, the following vulnerability has been resolved:

net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback

NETIF_F_IPV6_CSUM only advertises support for checksum offload of
packets without IPv6 extension headers. Packets with extension
headers must fall back onto software checksumming. Since TSO
depends on checksum offload, those must revert to GSO.

The below commit introduces that fallback. It always checks
network header length. For tunneled packets, the inner header length
must be checked instead. Extend the check accordingly.

A special case is tunneled packets without inner IP protocol. Such as
RFC 6951 SCTP in UDP. Those are not standard IPv6 followed by
transport header either, so also must revert to the software GSO path.
Published: 2026-05-01
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel’s handling of tunneled traffic caused checksum offload flags to be incorrectly applied for packets that contain IPv6 extension headers. Instead of falling back to software checksum offload and the related Generic Segmentation Offload (GSO) path, the kernel continued to advertise hardware offload support. This mismanagement could result in malformed packets being sent or received, potentially causing connectivity issues or service disruption. The weakness involved improper validation of packet header lengths during the offload decision logic, which maps to incorrect input handling and corresponds to CWE-358.

Affected Systems

The vulnerability affects Linux kernel versions prior to the patch introducing the GSO fallback for tunneled packets. Specifically, the CPE list includes kernels 6.17 RC1 through RC7, and 7.0 RC1 through RC5, as well as any builds before 6.17. Any system running one of these kernels is susceptible.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. The EPSS score is 0.00053, which translates to an extremely low probability of exploitation. The vulnerability is not listed in CISA KEV. The likely attack vector involves a remote, network‑based adversary crafting traffic that triggers the faulty GSO logic, potentially leading to packet corruption or service disruption. No exploit code or proof‑of‑concepts are documented, so the exact likelihood remains uncertain, but the kernel‑level nature of the flaw suggests a high‑impact scenario should the exploit be realized.

Generated by OpenCVE AI on May 6, 2026 at 21:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that contains the commit that implements the GSO fallback for tunneled traffic, such as the merge of commit 2094a7cf or later
  • If an immediate update is not possible, restart network services to refresh socket state and mitigate transient offload misconfigurations
  • Monitor kernel logs (e.g., dmesg or /var/log/kern.log) for messages about checksum or GSO failures and consider tightening firewall rules to reject suspicious tunneled traffic

Generated by OpenCVE AI on May 6, 2026 at 21:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4561-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6243-1 linux security update
History

Wed, 06 May 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.17:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.17:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.17:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.17:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.17:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.17:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*

Sun, 03 May 2026 06:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Sat, 02 May 2026 10:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Sat, 02 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-358
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Fri, 01 May 2026 23:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback NETIF_F_IPV6_CSUM only advertises support for checksum offload of packets without IPv6 extension headers. Packets with extension headers must fall back onto software checksumming. Since TSO depends on checksum offload, those must revert to GSO. The below commit introduces that fallback. It always checks network header length. For tunneled packets, the inner header length must be checked instead. Extend the check accordingly. A special case is tunneled packets without inner IP protocol. Such as RFC 6951 SCTP in UDP. Those are not standard IPv6 followed by transport header either, so also must revert to the software GSO path.
Title net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:06:08.867Z

Reserved: 2026-05-01T14:12:55.981Z

Link: CVE-2026-43057

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-01T15:16:52.260

Modified: 2026-05-06T18:48:59.573

Link: CVE-2026-43057

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-43057 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T21:45:13Z

Weaknesses