CVE-2026-46300

HIGH 7.8

net: skbuff: preserve shared-frag marker during coalescing

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost. That breaks the invariant relied on by later in-place writers. In particular, ESP input checks skb_has_shared_frag() before deciding whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP receive coalescing has moved shared frags into an unmarked skb, ESP can see skb_has_shared_frag() as false and decrypt in place over page-cache backed frags. Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags. The tailroom copy path does not need the marker because it copies bytes into @to's linear data rather than transferring frag descriptors.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 23, 2026
Last Updated	May 30, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Linux / Linux

cef401de7be8c4e155c6746bfccf721a4fa5fab9 < 3599e6b3cc1ada96883d496a50a210d3afbb6987 cef401de7be8c4e155c6746bfccf721a4fa5fab9 < 2f2b16022a2e10ca7bccfb98db5ed2ec0f72641c cef401de7be8c4e155c6746bfccf721a4fa5fab9 < 9d3e5fd19fe1063bf607219e8562fbd567b8e8d5 cef401de7be8c4e155c6746bfccf721a4fa5fab9 < 78bf6b6bb19541d19fbda6242e7cfe2c682763c0 cef401de7be8c4e155c6746bfccf721a4fa5fab9 < 760e1addc27ba1a7beb4a0a7e8b3e9ec49e7a34e cef401de7be8c4e155c6746bfccf721a4fa5fab9 < 3bd9e113d50034db99d7ef69fd8e5242d15e414a cef401de7be8c4e155c6746bfccf721a4fa5fab9 < 3884358a9286b17f389a72b1426fc4547c23c111 cef401de7be8c4e155c6746bfccf721a4fa5fab9 < f84eca5817390257cef78013d0112481c503b4a3

Linux / Linux

3.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/3599e6b3cc1ada96883d496a50a210d3afbb6987 git.kernel.org: https://git.kernel.org/stable/c/2f2b16022a2e10ca7bccfb98db5ed2ec0f72641c git.kernel.org: https://git.kernel.org/stable/c/9d3e5fd19fe1063bf607219e8562fbd567b8e8d5 git.kernel.org: https://git.kernel.org/stable/c/78bf6b6bb19541d19fbda6242e7cfe2c682763c0 git.kernel.org: https://git.kernel.org/stable/c/760e1addc27ba1a7beb4a0a7e8b3e9ec49e7a34e git.kernel.org: https://git.kernel.org/stable/c/3bd9e113d50034db99d7ef69fd8e5242d15e414a git.kernel.org: https://git.kernel.org/stable/c/3884358a9286b17f389a72b1426fc4547c23c111 git.kernel.org: https://git.kernel.org/stable/c/f84eca5817390257cef78013d0112481c503b4a3 openwall.com: http://www.openwall.com/lists/oss-security/2026/05/13/5 openwall.com: http://www.openwall.com/lists/oss-security/2026/05/21/11 openwall.com: http://www.openwall.com/lists/oss-security/2026/05/21/12 openwall.com: http://www.openwall.com/lists/oss-security/2026/05/21/13