CVE-2026-43036

UNKNOWN 0.0

net: use skb_header_pointer() for TCPv4 GSO frag_off check

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: net: use skb_header_pointer() for TCPv4 GSO frag_off check Syzbot reported a KMSAN uninit-value warning in gso_features_check() called from netif_skb_features() [1]. gso_features_check() reads iph->frag_off to decide whether to clear mangleid_features. Accessing the IPv4 header via ip_hdr()/inner_ip_hdr() can rely on skb header offsets that are not always safe for direct dereference on packets injected from PF_PACKET paths. Use skb_header_pointer() for the TCPv4 frag_off check so the header read is robust whether data is already linear or needs copying. [1] https://syzkaller.appspot.com/bug?extid=1543a7d954d9c6d00407

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 1, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

cbc53e08a793b073e79f42ca33f1f3568703540d < f7a6cd508e9e825a2c69fa9e13d41ee156852f25 cbc53e08a793b073e79f42ca33f1f3568703540d < cc91202fc20a44aab4c206f12a2bfe05da936051 cbc53e08a793b073e79f42ca33f1f3568703540d < d970341cfa5594614c7a6634886c7688b4f5cafd cbc53e08a793b073e79f42ca33f1f3568703540d < ddc748a391dd8642ba6b2e4fe22e7f2ddf84b7f0

Linux / Linux

4.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/f7a6cd508e9e825a2c69fa9e13d41ee156852f25 git.kernel.org: https://git.kernel.org/stable/c/cc91202fc20a44aab4c206f12a2bfe05da936051 git.kernel.org: https://git.kernel.org/stable/c/d970341cfa5594614c7a6634886c7688b4f5cafd git.kernel.org: https://git.kernel.org/stable/c/ddc748a391dd8642ba6b2e4fe22e7f2ddf84b7f0