Linux Kernel Vulnerability Affecting Network Traffic Handling
CVE-2026-43057
What is CVE-2026-43057?
A critical vulnerability has been identified within the Linux kernel, specifically concerning the handling of tunneled traffic when employing IPV6_CSUM GSO fallback. The issue arises as the NETIF_F_IPV6_CSUM flag only supports checksum offloading for packets lacking IPv6 extension headers. Packets that incorporate these headers must transition to a software checksumming method. The introduced code commit expands the fallback mechanisms, ensuring that the network header length is adequately checked for tunneled packets. Notably, there are special cases such as tunneled packets without an inner IP protocol, which necessitate reverting to software GSO paths due to their non-standard formatting. This vulnerability emphasizes the importance of adhering to stringent network protocol standards to maintain system integrity.
Affected Version(s)
Linux a0478d7e888028f85fa7785ea838ce0ca09398e2 < 2094a7cf91b71367b649f991aacc7b579f793d0b
Linux 2156d9e9f2e483c8c3906c0ea57ea312c1424235
Linux 041e2f945f82fdbd6fff577b79c33469430297aa < 33670f780e0120c3dacda188c512bbffe0b6044c