CVE-2026-53074 - Vulnerability Details

- bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb

bpf_prog_test_run_skb() calls eth_type_trans() first and then uses
skb->protocol to initialize sk family and address fields for the test
run.

For IPv4 and IPv6 packets, it may access ip_hdr(skb) or ipv6_hdr(skb)
even when the provided test input only contains an Ethernet header.

Reject the input earlier if the Ethernet frame carries IPv4/IPv6
EtherType but the L3 header is too short.

Fold the IPv4/IPv6 header length checks into the existing protocol
switch and return -EINVAL before accessing the network headers.

Published: 2026-06-24

Score: 6.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`fa5cb548ced61b9d3095f32f8a7e427a248c65ee`	affected	< 7254267799d083280c0e53effc101a33add95f7b
`fa5cb548ced61b9d3095f32f8a7e427a248c65ee`	affected	< 6a9f38d5ff11e00bc54baab752642978805e81eb
`fa5cb548ced61b9d3095f32f8a7e427a248c65ee`	affected	< e6aa481f21fc7a41ed344767ea25aae9d03fae71
`fa5cb548ced61b9d3095f32f8a7e427a248c65ee`	affected	< 0a04db240effd85773f66244645a28cedddb72d2
`fa5cb548ced61b9d3095f32f8a7e427a248c65ee`	affected	< 1f882c492d46f90bdb36f4936876c88c28dab21c
`fa5cb548ced61b9d3095f32f8a7e427a248c65ee`	affected	< 8042240412de3222d27b31e89d29336961cad9e4
`fa5cb548ced61b9d3095f32f8a7e427a248c65ee`	affected	< 6def5fe753cbe5b279ee5fd10327b2611cbddaca
`fa5cb548ced61b9d3095f32f8a7e427a248c65ee`	affected	< 12bec2bd4b76d81c5d3996bd14ec1b7f4d983747

Linux

affected

Version	Status	Constraints
`5.9`	affected	—
`0`	unaffected	< 5.9
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.141`	unaffected	≤ 6.6.*
`6.12.91`	unaffected	≤ 6.12.*
`6.18.33`	unaffected	≤ 6.18.*
`7.0.10`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[fa5cb548ced61b9d3095f32f8a7e427a248c65ee,7254267799d083280c0e53effc101a33add95f7b)`	affected	code_commit	—
`[fa5cb548ced61b9d3095f32f8a7e427a248c65ee,6a9f38d5ff11e00bc54baab752642978805e81eb)`	affected	code_commit	—
`[fa5cb548ced61b9d3095f32f8a7e427a248c65ee,e6aa481f21fc7a41ed344767ea25aae9d03fae71)`	affected	code_commit	—
`[fa5cb548ced61b9d3095f32f8a7e427a248c65ee,0a04db240effd85773f66244645a28cedddb72d2)`	affected	code_commit	—
`[fa5cb548ced61b9d3095f32f8a7e427a248c65ee,1f882c492d46f90bdb36f4936876c88c28dab21c)`	affected	code_commit	—
`[fa5cb548ced61b9d3095f32f8a7e427a248c65ee,8042240412de3222d27b31e89d29336961cad9e4)`	affected	code_commit	—
`[fa5cb548ced61b9d3095f32f8a7e427a248c65ee,6def5fe753cbe5b279ee5fd10327b2611cbddaca)`	affected	code_commit	—
`[fa5cb548ced61b9d3095f32f8a7e427a248c65ee,12bec2bd4b76d81c5d3996bd14ec1b7f4d983747)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.9`	affected	generic	—
`[0,5.9)`	unaffected	generic	—
`[5.10.258,5.11.0)`	unaffected	semver	—
`[5.15.209,5.16.0)`	unaffected	semver	—
`[6.1.175,6.2.0)`	unaffected	semver	—
`[6.6.141,6.7.0)`	unaffected	semver	—
`[6.12.91,6.13.0)`	unaffected	semver	—
`[6.18.33,6.19.0)`	unaffected	semver	—
`[7.0.10,7.1.0)`	unaffected	semver	—
`[7.1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00164.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0a04db240effd85773f66244645a28cedddb72d2
https://git.kernel.org/stable/c/12bec2bd4b76d81c5d3996bd14ec1b7f4d983747
https://git.kernel.org/stable/c/1f882c492d46f90bdb36f4936876c88c28dab21c
https://git.kernel.org/stable/c/6a9f38d5ff11e00bc54baab752642978805e81eb
https://git.kernel.org/stable/c/6def5fe753cbe5b279ee5fd10327b2611cbddaca
https://git.kernel.org/stable/c/7254267799d083280c0e53effc101a33add95f7b
https://git.kernel.org/stable/c/8042240412de3222d27b31e89d29336961cad9e4
https://git.kernel.org/stable/c/e6aa481f21fc7a41ed344767ea25aae9d03fae71
https://lore.kernel.org/linux-cve-announce/2026062405-CVE-2026-53074-fb09@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-53074
https://www.cve.org/CVERecord?id=CVE-2026-53074

History

Fri, 26 Jun 2026 04:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-125

Fri, 26 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1284
References		https://lore.kernel.org/linux-cve-announce/2026062405-CVE-2026-53074-fb09@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-53074 https://www.cve.org/CVERecord?id=CVE-2026-53074
Metrics	threat_severity `None`	cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Wed, 24 Jun 2026 19:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb bpf_prog_test_run_skb() calls eth_type_trans() first and then uses skb->protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access ip_hdr(skb) or ipv6_hdr(skb) even when the provided test input only contains an Ethernet header. Reject the input earlier if the Ethernet frame carries IPv4/IPv6 EtherType but the L3 header is too short. Fold the IPv4/IPv6 header length checks into the existing protocol switch and return -EINVAL before accessing the network headers.
Title		bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0a04db240effd85773f66244645a28cedddb72d2 https://git.kernel.org/stable/c/12bec2bd4b76d81c5d3996bd14ec1b7f4d983747 https://git.kernel.org/stable/c/1f882c492d46f90bdb36f4936876c88c28dab21c https://git.kernel.org/stable/c/6a9f38d5ff11e00bc54baab752642978805e81eb https://git.kernel.org/stable/c/6def5fe753cbe5b279ee5fd10327b2611cbddaca https://git.kernel.org/stable/c/7254267799d083280c0e53effc101a33add95f7b https://git.kernel.org/stable/c/8042240412de3222d27b31e89d29336961cad9e4 https://git.kernel.org/stable/c/e6aa481f21fc7a41ed344767ea25aae9d03fae71

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:30:15.337Z

Updated: 2026-06-24T16:30:15.337Z

Reserved: 2026-06-09T07:44:35.383Z

Link: CVE-2026-53074

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53074 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-26T05:45:04Z

Weaknesses

CWE-1284

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object