CVE-2026-53003 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

pppoe: drop PFC frames

RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT
RECOMMENDED for PPPoE. In practice, pppd does not support negotiating
PFC for PPPoE sessions, and the current PPPoE driver assumes an
uncompressed (2-byte) protocol field. However, the generic PPP layer
function ppp_input() is not aware of the negotiation result, and still
accepts PFC frames.

If a peer with a broken implementation or an attacker sends a frame with
a compressed (1-byte) protocol field, the subsequent PPP payload is
shifted by one byte. This causes the network header to be 4-byte
misaligned, which may trigger unaligned access exceptions on some
architectures.

To reduce the attack surface, drop PPPoE PFC frames. Introduce
ppp_skb_is_compressed_proto() helper function to be used in both
ppp_generic.c and pppoe.c to avoid open-coding.

Published: 2026-06-24

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6`	affected	< cb3beef35ab5e0c1afca9fd7648c6ae499786377
`7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6`	affected	< ba758fdf1399f310b30098b6faa3fd043de47dd2
`7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6`	affected	< fcca1df05322bb04e344dd1178b54b76a08eb7c3
`7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6`	affected	< 8a5e840babc5c0fbd10c73728a13192347771ec6
`7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6`	affected	< 49e41b60ccd1bdbe9e218420f716dd5f9a2f9c71
`7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6`	affected	< 0cab5d077dd1efd2bd1a47271acc35894f945b4f
`7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6`	affected	< 2b5c3c040d020e3ab3b9a8887031202d96843b1e
`7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6`	affected	< cc1ff87bce1ccd38410ab10960f576dcd17db679

Linux

affected

Version	Status	Constraints
`5.0`	affected	—
`0`	unaffected	< 5.0
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.141`	unaffected	≤ 6.6.*
`6.12.91`	unaffected	≤ 6.12.*
`6.18.33`	unaffected	≤ 6.18.*
`7.0.10`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6,cb3beef35ab5e0c1afca9fd7648c6ae499786377)`	affected	code_commit	—
`[7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6,ba758fdf1399f310b30098b6faa3fd043de47dd2)`	affected	code_commit	—
`[7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6,fcca1df05322bb04e344dd1178b54b76a08eb7c3)`	affected	code_commit	—
`[7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6,8a5e840babc5c0fbd10c73728a13192347771ec6)`	affected	code_commit	—
`[7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6,49e41b60ccd1bdbe9e218420f716dd5f9a2f9c71)`	affected	code_commit	—
`[7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6,0cab5d077dd1efd2bd1a47271acc35894f945b4f)`	affected	code_commit	—
`[7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6,2b5c3c040d020e3ab3b9a8887031202d96843b1e)`	affected	code_commit	—
`[7fb1b8ca8fa1ee34ffc328f17f78da68c7cc04e6,cc1ff87bce1ccd38410ab10960f576dcd17db679)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.0`	affected	semver	—
`[0,5.0)`	unaffected	semver	—
`[5.10.258,5.10.*]`	unaffected	semver	—
`[5.15.209,5.15.*]`	unaffected	semver	—
`[6.1.175,6.1.*]`	unaffected	semver	—
`[6.6.141,6.6.*]`	unaffected	semver	—
`[6.12.91,6.12.*]`	unaffected	semver	—
`[6.18.33,6.18.*]`	unaffected	semver	—
`[7.0.10,7.0.*]`	unaffected	semver	—
`[7.1,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00508.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0cab5d077dd1efd2bd1a47271acc35894f945b4f
https://git.kernel.org/stable/c/2b5c3c040d020e3ab3b9a8887031202d96843b1e
https://git.kernel.org/stable/c/49e41b60ccd1bdbe9e218420f716dd5f9a2f9c71
https://git.kernel.org/stable/c/8a5e840babc5c0fbd10c73728a13192347771ec6
https://git.kernel.org/stable/c/ba758fdf1399f310b30098b6faa3fd043de47dd2
https://git.kernel.org/stable/c/cb3beef35ab5e0c1afca9fd7648c6ae499786377
https://git.kernel.org/stable/c/cc1ff87bce1ccd38410ab10960f576dcd17db679
https://git.kernel.org/stable/c/fcca1df05322bb04e344dd1178b54b76a08eb7c3
https://lore.kernel.org/linux-cve-announce/2026062447-CVE-2026-53003-ce3c@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-53003
https://www.cve.org/CVERecord?id=CVE-2026-53003

History

Sun, 28 Jun 2026 11:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-119

Sun, 28 Jun 2026 08:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Fri, 26 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1102
References		https://lore.kernel.org/linux-cve-announce/2026062447-CVE-2026-53003-ce3c@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-53003 https://www.cve.org/CVERecord?id=CVE-2026-53003
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 24 Jun 2026 21:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: pppoe: drop PFC frames RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the current PPPoE driver assumes an uncompressed (2-byte) protocol field. However, the generic PPP layer function ppp_input() is not aware of the negotiation result, and still accepts PFC frames. If a peer with a broken implementation or an attacker sends a frame with a compressed (1-byte) protocol field, the subsequent PPP payload is shifted by one byte. This causes the network header to be 4-byte misaligned, which may trigger unaligned access exceptions on some architectures. To reduce the attack surface, drop PPPoE PFC frames. Introduce ppp_skb_is_compressed_proto() helper function to be used in both ppp_generic.c and pppoe.c to avoid open-coding.
Title		pppoe: drop PFC frames
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0cab5d077dd1efd2bd1a47271acc35894f945b4f https://git.kernel.org/stable/c/2b5c3c040d020e3ab3b9a8887031202d96843b1e https://git.kernel.org/stable/c/49e41b60ccd1bdbe9e218420f716dd5f9a2f9c71 https://git.kernel.org/stable/c/8a5e840babc5c0fbd10c73728a13192347771ec6 https://git.kernel.org/stable/c/ba758fdf1399f310b30098b6faa3fd043de47dd2 https://git.kernel.org/stable/c/cb3beef35ab5e0c1afca9fd7648c6ae499786377 https://git.kernel.org/stable/c/cc1ff87bce1ccd38410ab10960f576dcd17db679 https://git.kernel.org/stable/c/fcca1df05322bb04e344dd1178b54b76a08eb7c3

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:29:15.268Z

Updated: 2026-06-28T06:37:53.970Z

Reserved: 2026-06-09T07:44:35.377Z

Link: CVE-2026-53003

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53003 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-28T13:15:16Z

Weaknesses

CWE-1102

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object