CVE-2026-43057
net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
01 mai 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In the Linux kernel, the following vulnerability has been resolved:
net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback
NETIF_F_IPV6_CSUM only advertises support for checksum offload of
packets without IPv6 extension headers. Packets with extension
headers must fall back onto software checksumming. Since TSO
depends on checksum offload, those must revert to GSO.
The below commit introduces that fallback. It always checks
network header length. For tunneled packets, the inner header length
must be checked instead. Extend the check accordingly.
A special case is tunneled packets without inner IP protocol. Such as
RFC 6951 SCTP in UDP. Those are not standard IPv6 followed by
transport header either, so also must revert to the software GSO path.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
Linux · LinuxQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://git.kernel.org/stable/c/2094a7cf91b71367b649f991aacc7b579f793d0bhttps://git.kernel.org/stable/c/33670f780e0120c3dacda188c512bbffe0b6044chttps://git.kernel.org/stable/c/732fdeb2987c94b439d51f5cb9addddc2fc48c42https://git.kernel.org/stable/c/a98b78116a27e2a57b696b569b2cb431c95cf9b6https://git.kernel.org/stable/c/c4336a07eb6b2526dc2b62928b5104b41a7f81f5https://git.kernel.org/stable/c/ed71cf465c75f5688b07a35d373cd1d6b589c8ea