Description
In the Linux kernel, the following vulnerability has been resolved:

eth: fbnic: Add validation for MTU changes

Increasing the MTU beyond the HDS threshold causes the hardware to
fragment packets across multiple buffers. If a single-buffer XDP program
is attached, the driver will drop all multi-frag frames. While we can't
prevent a remote sender from sending non-TCP packets larger than the MTU,
this will prevent users from inadvertently breaking new TCP streams.

Traditionally, drivers supported XDP with MTU less than 4Kb
(packet per page). Fbnic currently prevents attaching XDP when MTU is too high.
But it does not prevent increasing MTU after XDP is attached.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel’s fbnic driver allows an attacker or misconfiguration to increase the MTU beyond the hardware fragmentation threshold after an XDP program has been attached. The driver will then drop all multi-fragment frames, effectively disabling new TCP streams and potentially causing a denial of service for applications relying on those streams. The vulnerability is rooted in missing input validation for MTU adjustments after attachment of XDP programs.

Affected Systems

Linux kernel implementations that use the fbnic driver, especially when XDP programs are attached. The issue applies to all kernel releases prior to the patch that introduced MTU validation. No specific minor or major version ranges are listed, so any kernel variant containing the fbnic driver is potentially affected.

Risk and Exploitability

The CVSS score is not disclosed, and EPSS is not available, making it difficult to quantify exploitation probability. The vulnerability is not in the CISA KEV catalog. Attackers would need to influence MTU changes on a vulnerable system, a scenario more likely in a compromised or misconfigured environment. The risk remains high for deployments that use XDP on fbnic without ensuring MTU integrity, as packet drops could disrupt critical network services.

Generated by OpenCVE AI on May 27, 2026 at 17:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the recent fbnic MTU validation patch.
  • If immediate kernel upgrade is not possible, reset the MTU to a value below the hardware fragmentation threshold before attaching or continuing to use XDP programs.
  • Avoid increasing the MTU after XDP has been attached; monitor MTU settings through system configuration tools to prevent accidental changes.

Advisories

No advisories yet.

History

Wed, 27 May 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all multi-frag frames. While we can't prevent a remote sender from sending non-TCP packets larger than the MTU, this will prevent users from inadvertently breaking new TCP streams. Traditionally, drivers supported XDP with MTU less than 4Kb (packet per page). Fbnic currently prevents attaching XDP when MTU is too high. But it does not prevent increasing MTU after XDP is attached. |
| Title | | eth: fbnic: Add validation for MTU changes |
| First Time appeared | | Linux; Linux linux Kernel |
| CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Vendors & Products | | Linux; Linux linux Kernel |
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:08.442Z

Reserved: 2026-05-13T15:03:33.088Z

Link: CVE-2026-45952

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:11.713

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45952

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T23:00:06Z

Weaknesses

No weakness.