TCPv4 Fragmentation Handling Issue in Linux Kernel

CVE-2026-43036

What is CVE-2026-43036?

In the Linux kernel, a vulnerability has been identified that affects the handling of TCPv4 fragmentation for packets. An uninitialized value warning was reported due to unsafe header dereferencing in the gso_features_check() function, which evaluates the fragment offset from the IPv4 header. The situation arises when accessing headers through ip_hdr() or inner_ip_hdr() when packet data may be injected from PF_PACKET paths, potentially leading to improper handling of packet features. To mitigate this issue, the Linux kernel has been updated to utilize skb_header_pointer() for safely checking TCPv4 fragment offsets, ensuring robust processing regardless of whether the data is linear or requires copying.

References