7.8
CVE-2026-46300
- EPSS 3.66%
- Veröffentlicht 23.05.2026 11:44:02
- Zuletzt bearbeitet 10.07.2026 12:17:03
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
net: skbuff: preserve shared-frag marker during coalescing
In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost. That breaks the invariant relied on by later in-place writers. In particular, ESP input checks skb_has_shared_frag() before deciding whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP receive coalescing has moved shared frags into an unmarked skb, ESP can see skb_has_shared_frag() as false and decrypt in place over page-cache backed frags. Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags. The tailroom copy path does not need the marker because it copies bytes into @to's linear data rather than transferring frag descriptors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.9 <= 5.10.257
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.208
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.174
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.141
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.91
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.33
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.10
Linux ≫ Linux Kernel Version7.1 Updaterc1
Linux ≫ Linux Kernel Version7.1 Updaterc2
Linux ≫ Linux Kernel Version7.1 Updaterc3
Linux ≫ Linux Kernel Version7.1 Updaterc4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.66% | 0.882 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-123 Write-what-where Condition
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://git.kernel.org/stable/c/3599e6b3cc1ada96883d496a50a210d3afbb6987
https://git.kernel.org/stable/c/2f2b16022a2e10ca7bccfb98db5ed2ec0f72641c
https://git.kernel.org/stable/c/9d3e5fd19fe1063bf607219e8562fbd567b8e8d5
https://git.kernel.org/stable/c/78bf6b6bb19541d19fbda6242e7cfe2c682763c0
https://git.kernel.org/stable/c/760e1addc27ba1a7beb4a0a7e8b3e9ec49e7a34e
https://git.kernel.org/stable/c/3bd9e113d50034db99d7ef69fd8e5242d15e414a
https://git.kernel.org/stable/c/3884358a9286b17f389a72b1426fc4547c23c111
https://git.kernel.org/stable/c/f84eca5817390257cef78013d0112481c503b4a3
http://www.openwall.com/lists/oss-security/2026/05/13/5
http://www.openwall.com/lists/oss-security/2026/05/21/11
http://www.openwall.com/lists/oss-security/2026/05/21/12
http://www.openwall.com/lists/oss-security/2026/05/21/13
https://bugzilla.redhat.com/show_bug.cgi?id=2477015
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46300.json
https://access.redhat.com/errata/RHSA-2026:25044
https://access.redhat.com/errata/RHSA-2026:28887
https://access.redhat.com/errata/RHSA-2026:19521
https://access.redhat.com/errata/RHSA-2026:33486
https://access.redhat.com/errata/RHSA-2026:19568
https://access.redhat.com/errata/RHSA-2026:19569
https://access.redhat.com/errata/RHSA-2026:19875
https://access.redhat.com/errata/RHSA-2026:20593
https://access.redhat.com/errata/RHSA-2026:23233
https://access.redhat.com/errata/RHSA-2026:23245
https://access.redhat.com/errata/RHSA-2026:34098
https://access.redhat.com/errata/RHSA-2026:20087
https://access.redhat.com/errata/RHSA-2026:21656
https://access.redhat.com/errata/RHSA-2026:21690
https://access.redhat.com/errata/RHSA-2026:21695
https://access.redhat.com/errata/RHBA-2026:20032
https://access.redhat.com/errata/RHSA-2026:19540
https://access.redhat.com/errata/RHSA-2026:19664
https://access.redhat.com/errata/RHSA-2026:19666
https://access.redhat.com/errata/RHSA-2026:19705
https://access.redhat.com/errata/RHSA-2026:19711
https://access.redhat.com/errata/RHSA-2026:20051
https://access.redhat.com/errata/RHSA-2026:20054
https://access.redhat.com/errata/RHSA-2026:20129
https://access.redhat.com/errata/RHSA-2026:20130
https://access.redhat.com/errata/RHSA-2026:20299
https://access.redhat.com/errata/RHSA-2026:21702
https://access.redhat.com/errata/RHSA-2026:23240
https://access.redhat.com/errata/RHSA-2026:23468
https://access.redhat.com/errata/RHSA-2026:23469
https://access.redhat.com/errata/RHSA-2026:23470
https://access.redhat.com/errata/RHSA-2026:23471
https://access.redhat.com/errata/RHSA-2026:24814
https://access.redhat.com/security/cve/CVE-2026-46300