7.8

CVE-2026-22988

arp: do not assume dev_hard_header() does not change skb->head

In the Linux kernel, the following vulnerability has been resolved:

arp: do not assume dev_hard_header() does not change skb->head

arp_create() is the only dev_hard_header() caller
making assumption about skb->head being unchanged.

A recent commit broke this assumption.

Initialize @arp pointer after dev_hard_header() call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.12.64 < 6.12.66
LinuxLinux Kernel Version >= 6.18.4 < 6.18.6
LinuxLinux Kernel Version6.1.160
LinuxLinux Kernel Version6.6.120
LinuxLinux Kernel Version6.19 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/e432dbff342b95fe44645f9a90fcf333c80f4b5e
Patch
https://git.kernel.org/stable/c/393525dee5c39acff8d6705275d7fcaabcfb7f0a
Patch
https://git.kernel.org/stable/c/70bddc16491ef4681f3569b3a2c80309a3edcdd1
Patch
https://git.kernel.org/stable/c/029935507d0af6553c45380fbf6feecf756fd226
Patch
https://git.kernel.org/stable/c/dd6ccec088adff4bdf33e2b2dd102df20a7128fa
Patch
https://git.kernel.org/stable/c/949647e7771a4a01963fe953a96d81fba7acecf3
Patch
https://git.kernel.org/stable/c/c92510f5e3f82ba11c95991824a41e59a9c5ed81
Patch