7.5
CVE-2026-52981
- EPSS 0.54%
- Veröffentlicht 24.06.2026 16:28:57
- Zuletzt bearbeitet 10.07.2026 19:24:19
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
neigh: let neigh_xmit take skb ownership
In the Linux kernel, the following vulnerability has been resolved: neigh: let neigh_xmit take skb ownership neigh_xmit always releases the skb, except when no neighbour table is found. But even the first added user of neigh_xmit (mpls) relied on neigh_xmit to release the skb (or queue it for tx). sashiko reported: If neigh_xmit() is called with an uninitialized neighbor table (for example, NEIGH_ND_TABLE when IPv6 is disabled), it returns -EAFNOSUPPORT and bypasses its internal out_kfree_skb error path. Because the return value of neigh_xmit() is ignored here, does this leak the SKB? Assume full ownership and remove the last code path that doesn't xmit or free skb.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version
4fd3d7d9e868ffbdb0e7a67c5c8e9dfdcd846a62
Version <
8a89054a1ec0767aec25ed2bbac933da6ba3cf5a
Status
affected
Version
4fd3d7d9e868ffbdb0e7a67c5c8e9dfdcd846a62
Version <
9247d59ca15bf60a57dca08103f055d8a4340877
Status
affected
Version
4fd3d7d9e868ffbdb0e7a67c5c8e9dfdcd846a62
Version <
0084712e0bee204b284510cdb63182fd5a30c2b7
Status
affected
Version
4fd3d7d9e868ffbdb0e7a67c5c8e9dfdcd846a62
Version <
63063ba60d2dc334e34f1e3f9271d7f3f6f30307
Status
affected
Version
4fd3d7d9e868ffbdb0e7a67c5c8e9dfdcd846a62
Version <
445e45a2c3a078316a62d2d331a570cf34ef5079
Status
affected
Version
4fd3d7d9e868ffbdb0e7a67c5c8e9dfdcd846a62
Version <
4438113be604ee67a7bf4f81da6e1cca41332ce4
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
4.1
Status
affected
Version
0
Version <
4.1
Status
unaffected
Version <=
6.1.*
Version
6.1.175
Status
unaffected
Version <=
6.6.*
Version
6.6.141
Status
unaffected
Version <=
6.12.*
Version
6.12.91
Status
unaffected
Version <=
6.18.*
Version
6.18.33
Status
unaffected
Version <=
7.0.*
Version
7.0.10
Status
unaffected
Version <=
*
Version
7.1
Status
unaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.413 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
https://git.kernel.org/stable/c/8a89054a1ec0767aec25ed2bbac933da6ba3cf5a
https://git.kernel.org/stable/c/9247d59ca15bf60a57dca08103f055d8a4340877
https://git.kernel.org/stable/c/0084712e0bee204b284510cdb63182fd5a30c2b7
https://git.kernel.org/stable/c/63063ba60d2dc334e34f1e3f9271d7f3f6f30307
https://git.kernel.org/stable/c/445e45a2c3a078316a62d2d331a570cf34ef5079
https://git.kernel.org/stable/c/4438113be604ee67a7bf4f81da6e1cca41332ce4