Description
In the Linux kernel, the following vulnerability has been resolved:

ipvs: skip ipv6 extension headers for csum checks

Protocol checksum validation fails for IPv6 if there are extension
headers before the protocol header. iph->len already contains its
offset, so use it to fix the problem.
Published: 2026-05-27
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Protocol checksum validation fails for IPv6 when an extension header precedes the protocol header. The checksum calculation does not use the offset already held in iph->len, which accounts for the extension headers, allowing packets with such headers to be considered valid or to trigger errors. This flaw represents an incorrect handling of packet headers during checksum computation, which could be exploited to manipulate or disrupt network traffic.

Affected Systems

The flaw exists in the Linux kernel across all distributions that use the open‑source Linux kernel until a kernel containing commit 05cfe9863ef049d98141dc2969eefde72fb07625 or later is applied. No specific kernel versions are enumerated, so any version prior to receiving this commit is potentially affected.

Risk and Exploitability

The advisory provides no CVSS metric and the EPSS score is 0.00018, indicating a very low likelihood of exploitation. Because the vulnerability requires crafting IPv6 packets with extension headers, the attack vector is most likely remote network‑based. An attacker who succeeds could bypass checksum validation to transmit malformed packets, potentially leading to traffic manipulation or denial‑of‑service. Although no public exploit or KEV listing exists, the fact that the bug can affect global packet handling suggests a non‑negligible risk if the system remains unpatched.

Generated by OpenCVE AI on May 28, 2026 at 17:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes commit 05cfe9863ef049d98141dc2969eefde72fb07625 or later, which corrects the checksum logic.
  • If an immediate upgrade is unavailable, disable IPv6 extension headers on essential interfaces or enforce strict packet filtering rules to block malformed IPv6 packets.
  • Continuously monitor system logs for checksum errors or anomalous packet activity to detect attempts that may exploit the flaw.

Advisories

No advisories yet.

History

Thu, 28 May 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-107
CWE-20

Thu, 28 May 2026 12:15:00 +0000


Wed, 27 May 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-107
CWE-20

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ipvs: skip ipv6 extension headers for csum checks Protocol checksum validation fails for IPv6 if there are extension headers before the protocol header. iph->len already contains its offset, so use it to fix the problem.
Title ipvs: skip ipv6 extension headers for csum checks
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:15:21.389Z

Reserved: 2026-05-13T15:03:33.079Z

Link: CVE-2026-45850

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:16:56.970

Modified: 2026-06-17T10:52:36.347

Link: CVE-2026-45850

Redhat

Severity:

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45850 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T17:45:22Z

Weaknesses
  • CWE-354

    Improper Validation of Integrity Check Value