Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb

bpf_prog_test_run_skb() calls eth_type_trans() first and then uses
skb->protocol to initialize sk family and address fields for the test
run.

For IPv4 and IPv6 packets, it may access ip_hdr(skb) or ipv6_hdr(skb)
even when the provided test input only contains an Ethernet header.

Reject the input earlier if the Ethernet frame carries IPv4/IPv6
EtherType but the L3 header is too short.

Fold the IPv4/IPv6 header length checks into the existing protocol
switch and return -EINVAL before accessing the network headers.
Published: 2026-06-24
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel test harness for BPF programs, bpf_prog_test_run_skb, mistakenly uses the packet’s Ethertype to access L3 headers even when only an Ethernet header is present, which can cause an out‑of‑bounds read of the raw socket buffer and potentially trigger a kernel crash, resulting in a denial‑of‑service condition.

Affected Systems

All Linux kernel versions that have not yet integrated the commit that rejects short IPv4/IPv6 inputs are affected. The bug is present in the upstream kernel and any distribution using an unpatched kernel should be considered at risk. No specific version range is listed, so the default assumption is any pre‑patch release. The vendor is the Linux kernel maintainers.

Risk and Exploitability

The EPSS score is < 1% and it is not listed in the CISA KEV catalog. Based on the description, it can be inferred that exploitation would require the ability to load and execute BPF programs, which may be a local or privileged operation; the vulnerability can lead to a kernel crash, causing a denial‑of‑service impact. The CVSS score of 6.4 reflects a medium severity risk for denial‑of‑service via a kernel crash.

Generated by OpenCVE AI on June 26, 2026 at 05:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to the latest stable release that includes the bpf_prog_test_run_skb patch or apply the upstream patch directly.
  • If possible, avoid using the test harness with packets that contain only an Ethernet header when the EtherType indicates IPv4 or IPv6; ensure test inputs include complete L3 headers.
  • Monitor system logs for kernel panic or oops messages that may indicate exploitation attempts and ensure host integrity monitoring is in place.

Generated by OpenCVE AI on June 26, 2026 at 05:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Fri, 26 Jun 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1284
References
Metrics threat_severity

None

cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb bpf_prog_test_run_skb() calls eth_type_trans() first and then uses skb->protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access ip_hdr(skb) or ipv6_hdr(skb) even when the provided test input only contains an Ethernet header. Reject the input earlier if the Ethernet frame carries IPv4/IPv6 EtherType but the L3 header is too short. Fold the IPv4/IPv6 header length checks into the existing protocol switch and return -EINVAL before accessing the network headers.
Title bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:15.337Z

Reserved: 2026-06-09T07:44:35.383Z

Link: CVE-2026-53074

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53074 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T05:45:04Z

Weaknesses
  • CWE-1284

    Improper Validation of Specified Quantity in Input