Vulnerability in Linux Kernel Affecting IPv6 Packet Handling
CVE-2026-53362

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 July 2026

What is CVE-2026-53362?

A vulnerability exists in the Linux kernel's handling of IPv6 packets, specifically in the paged allocation path of the __ip6_append_data() function. When certain flags are used on UDPv6 sockets, such as MSG_MORE in conjunction with MSG_SPLICE_PAGES, the allocated length and paged length are calculated improperly, which can lead to memory corruption. The root cause is incorrect accounting for the fraggap value, which creates a risk that unprivileged users can manipulate memory past allocated boundaries and thereby compromise system integrity. The issue underlines the need for thorough length checks during memory operations to avoid unintended access to protected areas.

Affected Version(s)

Linux 773ba4fe9104a64a54d1c00f0fb6ffb95def2b03 < 14200d435af9a9eeb444f529fc2f689a236b7962

Linux 773ba4fe9104a64a54d1c00f0fb6ffb95def2b03 < 65fb14cbebb0cd0eff903a22d33537ddc8b95769

Linux 773ba4fe9104a64a54d1c00f0fb6ffb95def2b03 < 46f201f8b4c39633a1fa3dc12459f506d470993d

Timeline

  • Vulnerability published

  • Vulnerability Reserved
