Buffer Oversize Vulnerability in Linux Kernel Affects Data Allocation Process
CVE-2026-53366
What is CVE-2026-53366?
In the Linux kernel, a vulnerability has been identified that arises during the paged allocation process for IPv4 data handling. Specifically, the issue occurs in the __ip_append_data() function where calculation errors lead to an undersized linear area in new socket buffers (skbs). The allocation length (alloclen) and paged length (pagedlen) mismanagement is caused by an improper handling of 'fraggap,' which refers to gaps in fragmented data. The vulnerability stems from the paged allocation path not accurately incorporating these gaps, leading to potential data handling errors. Correcting this issue aligns the paged branch's calculations with the non-paged branch, ensuring that any gaps from previous skbs are considered, thereby eliminating risks associated with incorrect buffer sizes.
Affected Version(s)
Linux 8eb77cc73977d88787b37c92831b1c242e035396
Linux 8eb77cc73977d88787b37c92831b1c242e035396
Linux 8eb77cc73977d88787b37c92831b1c242e035396 < 77798d7be6ef71e72fb6fc8a2901bf74ebc9706f