CVE-2026-43036

Published: May 1, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: net: use skb_header_pointer() for TCPv4 GSO frag_off check Syzbot reported a KMSAN uninit-value warning in gso_features_check() called from netif_skb_features() [1]. gso_features_check() reads iph->frag_off to decide whether to clear mangleid_features. Accessing the IPv4 header via ip_hdr()/inner_ip_hdr() can rely on skb header offsets that are not always safe for direct dereference on packets injected from PF_PACKET paths. Use skb_header_pointer() for the TCPv4 frag_off check so the header read is robust whether data is already linear or needs copying. [1] https://syzkaller.appspot.com/bug?extid=1543a7d954d9c6d00407

Vendor	Product	Versions
Linux	Linux	affected `cbc53e08a793b073e79f42ca33f1f3568703540d - < f7a6cd508e9e825a2c69fa9e13d41ee156852f25` affected `cbc53e08a793b073e79f42ca33f1f3568703540d - < cc91202fc20a44aab4c206f12a2bfe05da936051` affected `cbc53e08a793b073e79f42ca33f1f3568703540d - < d970341cfa5594614c7a6634886c7688b4f5cafd` affected `cbc53e08a793b073e79f42ca33f1f3568703540d - < ddc748a391dd8642ba6b2e4fe22e7f2ddf84b7f0`
Linux	Linux	affected `4.7` unaffected `0 - < 4.7` unaffected `6.12.81 - <= 6.12.` unaffected `6.18.22 - <= 6.18.` unaffected `6.19.12 - <= 6.19.*` +1 more versions

References

https://git.kernel.org/stable/c/f7a6cd508e9e825a2c69fa9e13d41ee156852f25

https://git.kernel.org/stable/c/cc91202fc20a44aab4c206f12a2bfe05da936051

https://git.kernel.org/stable/c/d970341cfa5594614c7a6634886c7688b4f5cafd

https://git.kernel.org/stable/c/ddc748a391dd8642ba6b2e4fe22e7f2ddf84b7f0

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-43036

Description

Affected Products

References