Description
In the Linux kernel, the following vulnerability has been resolved:

eth: fbnic: Add validation for MTU changes

Increasing the MTU beyond the HDS threshold causes the hardware to
fragment packets across multiple buffers. If a single-buffer XDP program
is attached, the driver will drop all multi-frag frames. While we can't
prevent a remote sender from sending non-TCP packets larger than the MTU,
this will prevent users from inadvertently breaking new TCP streams.

Traditionally, drivers supported XDP with MTU less than 4Kb
(packet per page). Fbnic currently prevents attaching XDP when MTU is too high.
But it does not prevent increasing MTU after XDP is attached.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s fbnic driver lacks validation for MTU adjustments after an XDP program is attached. When the MTU is increased beyond the hardware fragmentation threshold, packets are fragmented across multiple buffers and any attached XDP program in single‑buffer mode will drop those multi‑frag frames. This results in dropped packets that can prevent the establishment of new TCP streams, effectively causing a denial of service for network applications relying on XDP.

Affected Systems

All Linux kernel variants that include the fbnic network driver are affected, particularly systems that have XDP programs attached to fbnic interfaces. The vulnerability applies to every kernel release before the patch that added MTU validation; no specific version ranges are listed, so any kernel pointing to the fbnic module is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.5 denotes moderate severity, and the EPSS score of less than 1% indicates a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that attackers would need to influence MTU changes on a vulnerable system, as increasing the MTU after XDP attachment triggers the issue. This scenario is more likely in a compromised or misconfigured environment. The likely attack vector involves manipulating system configuration to raise the MTU beyond the hardware fragmentation threshold, leading to packet drops and potential denial of service.

Generated by OpenCVE AI on June 18, 2026 at 07:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the recent fbnic MTU validation patch.
  • If an immediate kernel upgrade is not possible, reset the MTU to a value below the hardware fragmentation threshold before attaching or continuing to use XDP programs.
  • Avoid increasing the MTU after XDP has been attached; monitor MTU settings through system configuration tools to prevent accidental changes.

Generated by OpenCVE AI on June 18, 2026 at 07:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 28 May 2026 12:15:00 +0000


Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all multi-frag frames. While we can't prevent a remote sender from sending non-TCP packets larger than the MTU, this will prevent users from inadvertently breaking new TCP streams. Traditionally, drivers supported XDP with MTU less than 4Kb (packet per page). Fbnic currently prevents attaching XDP when MTU is too high. But it does not prevent increasing MTU after XDP is attached.
Title eth: fbnic: Add validation for MTU changes
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:08.442Z

Reserved: 2026-05-13T15:03:33.088Z

Link: CVE-2026-45952

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:11.713

Modified: 2026-06-17T10:52:47.133

Link: CVE-2026-45952

cve-icon Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45952 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T07:45:03Z

Weaknesses