Buffer Oversize Vulnerability in Linux Kernel Affects Data Allocation Process
CVE-2026-53366

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
16 July 2026

What is CVE-2026-53366?

In the Linux kernel, a vulnerability has been identified that arises during the paged allocation process for IPv4 data handling. Specifically, the issue occurs in the __ip_append_data() function where calculation errors lead to an undersized linear area in new socket buffers (skbs). The allocation length (alloclen) and paged length (pagedlen) mismanagement is caused by an improper handling of 'fraggap,' which refers to gaps in fragmented data. The vulnerability stems from the paged allocation path not accurately incorporating these gaps, leading to potential data handling errors. Correcting this issue aligns the paged branch's calculations with the non-paged branch, ensuring that any gaps from previous skbs are considered, thereby eliminating risks associated with incorrect buffer sizes.

Affected Version(s)

Linux 8eb77cc73977d88787b37c92831b1c242e035396

Linux 8eb77cc73977d88787b37c92831b1c242e035396

Linux 8eb77cc73977d88787b37c92831b1c242e035396 < 77798d7be6ef71e72fb6fc8a2901bf74ebc9706f

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.