9.4

CVE-2026-53131

netfilter: require Ethernet MAC header before using eth_hdr()

In the Linux kernel, the following vulnerability has been resolved:

netfilter: require Ethernet MAC header before using eth_hdr()

`ip6t_eui64`, `xt_mac`, the `bitmap:ip,mac`, `hash:ip,mac`, and
`hash:mac` ipset types, and `nf_log_syslog` access `eth_hdr(skb)`
after either assuming that the skb is associated with an Ethernet
device or checking only that the `ETH_HLEN` bytes at
`skb_mac_header(skb)` lie between `skb->head` and `skb->data`.

Make these paths first verify that the skb is associated with an
Ethernet device, that the MAC header was set, and that it spans at
least a full Ethernet header before accessing `eth_hdr(skb)`.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.12.1 < 5.15.210
LinuxLinux Kernel Version >= 5.16 < 6.1.176
LinuxLinux Kernel Version >= 6.2 < 6.6.143
LinuxLinux Kernel Version >= 6.7 < 6.12.94
LinuxLinux Kernel Version >= 6.13 < 6.18.36
LinuxLinux Kernel Version >= 6.19 < 7.0.13
LinuxLinux Kernel Version2.6.12 Update-
LinuxLinux Kernel Version2.6.12 Updaterc2
LinuxLinux Kernel Version2.6.12 Updaterc3
LinuxLinux Kernel Version2.6.12 Updaterc4
LinuxLinux Kernel Version2.6.12 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.345
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 9.4 3.9 5.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/4435888e1bf139d2bfe5911643d4217382136743
Patch
https://git.kernel.org/stable/c/063f43361e884acd7300790e90194430275d0d0c
Patch
https://git.kernel.org/stable/c/726abf97566867f808fec9d8a408eb9698bd570a
Patch
https://git.kernel.org/stable/c/367abcacc13a8e2e7624408b7f593bd1e60e49d9
Patch
https://git.kernel.org/stable/c/5d634afb8b83b49de562792fd0d047416a43bd4d
Patch
https://git.kernel.org/stable/c/cea435ea7e868ea6fdf039bc4f2090c1d829b556
Patch
https://git.kernel.org/stable/c/62443dc21114c0bbc476fa62973db89743f2f137
Patch