UDP Handling Issue in Linux Kernel from Vendor
CVE-2026-23254

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 March 2026

What is CVE-2026-23254?

A flaw in the UDP GRO (Generic Receive Offload) processing of the Linux kernel can lead to errors in packet checksum validation. The udp GRO complete stage incorrectly assumes that all packets have a zeroed encapsulation flag, which is not always true. Certain hardware network interface cards (NICs) and specific setups can set this flag when offloading checksums for UDP-encapsulated traffic. As a result, when the erroneous state occurs, the function udp4_gro_complete() computes the outer UDP header checksum using an incorrect network offset, leading to potential packet processing failures. The issue has been resolved by ensuring that the encapsulation flag is cleared correctly during the GRO completion stage.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux af276a5ac8e938c8b058e3e124073cc1e322d98b < 9d40a85138568696387ef04cd004c64612a70874

Linux 5ef31ea5d053a8f493a772ebad3f3ce82c35d845

Linux 5ef31ea5d053a8f493a772ebad3f3ce82c35d845 < 2e5edb69e5d0e23ef248c56fc977039268c77a7b

References

https://git.kernel.org/stable/c/9d40a85138568696387ef04cd...
https://git.kernel.org/stable/c/b83557bc6f560433fe5d727e2...
https://git.kernel.org/stable/c/2e5edb69e5d0e23ef248c56fc...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.