-

CVE-2026-53014

net/sched: act_mirred: fix wrong device for mac_header_xmit check in tcf_blockcast_redir

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_mirred: fix wrong device for mac_header_xmit check in tcf_blockcast_redir

In tcf_blockcast_redir(), when iterating block ports to redirect
packets to multiple devices, the mac_header_xmit flag is queried
from the wrong device. The loop sends to dev_prev but queries
dev_is_mac_header_xmit(dev) — which is the NEXT device in the
iteration, not the one being sent to.

This causes tcf_mirred_to_dev() to make incorrect decisions about
whether to push or pull the MAC header. When the block contains
mixed device types (e.g., an ethernet veth and a tunnel device),
intermediate devices get the wrong mac_header_xmit flag, leading to
skb header corruption. In the worst case, skb_push_rcsum with an
incorrect mac_len can exhaust headroom and panic.

The last device in the loop is handled correctly (line 365-366 uses
dev_is_mac_header_xmit(dev_prev)), confirming this is a copy-paste
oversight for the intermediate devices.

Fix by using dev_prev instead of dev for the mac_header_xmit query,
consistent with the device actually being sent to.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 42f39036cda808d3de243192a2cf5125f12f3047
Version < 8fda5174286119addd28473fb2ec5bdf521c05a8
Status affected
Version 42f39036cda808d3de243192a2cf5125f12f3047
Version < 7db3e4e03032261b1b519341123fc30d995478ca
Status affected
Version 42f39036cda808d3de243192a2cf5125f12f3047
Version < 4764953c4b47585eb72797b216b63a831dc0c7e6
Status affected
Version 42f39036cda808d3de243192a2cf5125f12f3047
Version < 4510d140524ca7d6e772db962e013f26f09a63b1
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.8
Status affected
Version 0
Version < 6.8
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.063
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/8fda5174286119addd28473fb2ec5bdf521c05a8
https://git.kernel.org/stable/c/7db3e4e03032261b1b519341123fc30d995478ca
https://git.kernel.org/stable/c/4764953c4b47585eb72797b216b63a831dc0c7e6
https://git.kernel.org/stable/c/4510d140524ca7d6e772db962e013f26f09a63b1