Description
In the Linux kernel, the following vulnerability has been resolved:

netlabel: validate unlabeled address and mask attribute lengths

netlbl_unlabel_addrinfo_get() used the address attribute length to
determine whether the attribute data could be read as an IPv4 or IPv6
address, but did not independently validate the corresponding mask
attribute length. A crafted Generic Netlink request could therefore
provide a valid IPv4/IPv6 address attribute with a shorter mask
attribute, which would later be read as a full struct in_addr or
struct in6_addr.

NLA_BINARY policy lengths are maximum lengths by default, so use
NLA_POLICY_EXACT_LEN() for the unlabeled IPv4/IPv6 address and mask
attributes. This rejects short attributes during policy validation and
also exposes the exact length requirements through policy introspection.
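To make the policy distinction concrete, here is an added user-space model of netlink attribute validation (not kernel code and not the patch itself): attribute ids and the `struct nla_policy` shape are the model's own, standing in for the kernel's NLBL_UNLABEL_A_IPV4ADDR/IPV4MASK policy entries, and the request bytes are constructed inline. It shows that a 1-byte mask attribute passes a maximum-length (NLA_BINARY-style) policy but is rejected once the policy demands an exact length.

```c
/* User-space model of Generic Netlink attribute policy checks (not kernel code). */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define NLA_HDRLEN 4                   /* u16 nla_len + u16 nla_type, as in the netlink ABI */
#define NLA_ALIGN(n) (((n) + 3u) & ~3u)
struct nlattr { uint16_t nla_len; uint16_t nla_type; };
/* Model attribute ids standing in for the kernel's NLBL_UNLABEL_A_IPV4ADDR/IPV4MASK. */
enum { A_IPV4ADDR = 1, A_IPV4MASK = 2, A_MAX = 2 };
enum kind { BINARY_MAX, EXACT_LEN };   /* NLA_BINARY (upper bound) vs NLA_POLICY_EXACT_LEN() */
struct nla_policy { enum kind kind; uint16_t len; };
/* Before the fix: len 4 is only a maximum, so a 1-byte mask passes validation. */
static const struct nla_policy policy_before[A_MAX + 1] = {
    [A_IPV4ADDR] = { BINARY_MAX, 4 }, [A_IPV4MASK] = { BINARY_MAX, 4 } };
/* After the fix: the payload must be exactly sizeof(struct in_addr). */
static const struct nla_policy policy_after[A_MAX + 1] = {
    [A_IPV4ADDR] = { EXACT_LEN, 4 }, [A_IPV4MASK] = { EXACT_LEN, 4 } };
/* Walk the attribute stream; reject bad headers, unknown types and policy violations. */
static bool nla_validate(const struct nla_policy *pol, const uint8_t *buf, size_t total)
{
    size_t off = 0;
    while (off + NLA_HDRLEN <= total) {
        struct nlattr a; memcpy(&a, buf + off, sizeof a);
        if (a.nla_len < NLA_HDRLEN || off + a.nla_len > total || a.nla_type < 1 || a.nla_type > A_MAX)
            return false;
        uint16_t payload = a.nla_len - NLA_HDRLEN;
        const struct nla_policy *p = &pol[a.nla_type];
        if (p->kind == EXACT_LEN ? payload != p->len : payload > p->len)
            return false;
        off += NLA_ALIGN(a.nla_len);
    }
    return true;
}
/* Append one attribute (header + payload, padded to 4 bytes); returns the new offset. */
static size_t put_attr(uint8_t *buf, size_t off, uint16_t type, const void *data, uint16_t dlen)
{
    struct nlattr a = { (uint16_t)(NLA_HDRLEN + dlen), type };
    memcpy(buf + off, &a, sizeof a);
    memcpy(buf + off + NLA_HDRLEN, data, dlen);
    return off + NLA_ALIGN(a.nla_len);
}

/* Constructed request: a full 4-byte IPv4 address plus a mask of mask_len (<= 8) bytes. */
static bool accepts_ipv4_request(const struct nla_policy *pol, uint16_t mask_len)
{
    uint8_t buf[32] = { 0 }, addr[4] = { 192, 0, 2, 1 }, mask[8] = { 255, 255, 255, 0 };
    size_t n = put_attr(buf, 0, A_IPV4ADDR, addr, sizeof addr);
    n = put_attr(buf, n, A_IPV4MASK, mask, mask_len > 8 ? 8 : mask_len);
    return nla_validate(pol, buf, n);  /* true = policy validation lets the request through */
}
```

With the maximum-length policy the short mask reaches the handler, which then reads 4 bytes from a 1-byte payload; with the exact-length policy the request never gets that far.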
Published: 2026-06-25
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Netlabel subsystem in the Linux kernel contains a flaw where the function that retrieves address information uses the length of an IPv4 or IPv6 address attribute to decide how much data to read, but it does not independently verify that the accompanying mask attribute is of sufficient length. A crafted Generic Netlink request can therefore supply a valid address attribute with a shorter mask attribute, prompting the kernel to read the mask as a full address structure. This missing validation can lead to an out‑of‑bounds read within the kernel, potentially causing a crash.

Affected Systems

All Linux kernel releases prior to the application of the patch that validates unlabeled address and mask attribute lengths. The vulnerability resides in the core netlabel component of the kernel and is not limited to any particular system configuration; any kernel built with the default netlabel provider is affected.

Risk and Exploitability

The flaw is triggered by a specially crafted Generic Netlink message sent to the netlabel interface. The CVE description does not specify that elevated privileges are required; the attack likely requires access to the local netlink socket, which may be available to users with network or local execution rights. Exploitation can cause a kernel crash, leading to denial of service for the affected system. No public exploit evidence is available, the EPSS score is not disclosed, and the vulnerability is not listed in the CISA KEV catalog, indicating limited known exploitation activity.

Generated by OpenCVE AI on June 25, 2026 at 13:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel update that includes the netlabel patch or rebuild the kernel with the updated netlabel module
  • Disable the netlabel subsystem if it is not required for your networking configuration
  • Block Generic Netlink traffic that targets the netlabel interface using firewall or access control
  • Configure the kernel to use NLA_POLICY_EXACT_LEN for both address and mask attributes to enforce strict length checking during policy validation

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 09:15:00 +0000

Type               | Values Removed | Values Added
Description        |                | In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlbl_unlabel_addrinfo_get() used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independently validate the corresponding mask attribute length. A crafted Generic Netlink request could therefore provide a valid IPv4/IPv6 address attribute with a shorter mask attribute, which would later be read as a full struct in_addr or struct in6_addr. NLA_BINARY policy lengths are maximum lengths by default, so use NLA_POLICY_EXACT_LEN() for the unlabeled IPv4/IPv6 address and mask attributes. This rejects short attributes during policy validation and also exposes the exact length requirements through policy introspection.
Title              |                | netlabel: validate unlabeled address and mask attribute lengths
First Time appeared|                | Linux
                   |                | Linux linux Kernel
CPEs               |                | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products |                | Linux
                   |                | Linux linux Kernel
References         |                |

Subscriptions

Linux Linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:34.492Z

Reserved: 2026-06-09T07:44:35.393Z

Link: CVE-2026-53238

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T18:45:03Z

Weaknesses

No weakness.