SB20260625174 - Improper input validation in Linux kernel PPPoE frame handling
Published: June 25, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Improper input validation (CVE-ID: CVE-2026-53003)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the PPPoE frame handling in the Linux kernel when processing PPPoE frames with a compressed protocol field. A remote attacker can send a specially crafted PPPoE frame to cause a denial of service.
The issue can trigger unaligned access exceptions on some architectures because the PPP payload becomes shifted by one byte and the network header becomes 4-byte misaligned.
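The alignment effect described above, as an added example (not code from this bulletin or from the kernel): a small C inspector for PPPoE session frames that reports whether the PPP protocol field is compressed to one octet and whether the network header then falls off a 4-byte boundary. The frame bytes are constructed, and the names `pppoe_inspect`, `pppoe_info` and `ASSUMED_PAD` (a receive buffer that starts 2 bytes past a 4-byte boundary, so the byte after the 14-byte Ethernet header is aligned) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

#define ETH_HLEN      14      /* dst MAC + src MAC + EtherType */
#define ETH_P_PPP_SES 0x8864  /* PPPoE session stage (RFC 2516) */
#define PPPOE_HLEN    6       /* ver/type, code, session id, length */
#define ASSUMED_PAD   2       /* assumption: frame starts at address 2 mod 4 */

struct pppoe_info {
    uint16_t proto;       /* PPP protocol number, e.g. 0x0021 = IPv4 */
    int      compressed;  /* 1 if the protocol field is a single octet */
    size_t   payload_off; /* offset of the network header within the frame */
    int      misaligned;  /* 1 if that header is not 4-byte aligned */
};

/* Constructed sample frames: 2-octet protocol field vs. compressed 1-octet field. */
static const uint8_t frame_std[] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x88,0x64,
    0x11,0x00, 0x00,0x01, 0x00,0x06, 0x00,0x21, 0x45,0x00,0x00,0x14 };
static const uint8_t frame_pfc[] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x88,0x64,
    0x11,0x00, 0x00,0x01, 0x00,0x05, 0x21, 0x45,0x00,0x00,0x14 };

/* Returns 0 on success, -1 if f is not a well-formed PPPoE session frame. */
int pppoe_inspect(const uint8_t *f, size_t len, struct pppoe_info *out)
{
    if (len < ETH_HLEN + PPPOE_HLEN + 1)
        return -1;
    const uint8_t *p = f + ETH_HLEN;            /* PPPoE header */
    if (((f[12] << 8) | f[13]) != ETH_P_PPP_SES || p[0] != 0x11 || p[1] != 0x00)
        return -1;                              /* need ver 1, type 1, code 0 */
    size_t plen = ((size_t)p[4] << 8) | p[5];   /* PPPoE length field */
    if (plen < 1 || plen > len - ETH_HLEN - PPPOE_HLEN)
        return -1;
    /* RFC 1661: an odd first octet marks a one-octet (compressed) protocol field */
    out->compressed = p[PPPOE_HLEN] & 1;
    if (!out->compressed && plen < 2)
        return -1;
    out->proto = out->compressed ? p[6] : (uint16_t)((p[6] << 8) | p[7]);
    out->payload_off = ETH_HLEN + PPPOE_HLEN + (out->compressed ? 1 : 2);
    out->misaligned = ((ASSUMED_PAD + out->payload_off) % 4) != 0;
    return 0;
}

int main(void)
{
    struct pppoe_info i;
    if (pppoe_inspect(frame_pfc, sizeof frame_pfc, &i) == 0)
        printf("proto=0x%04x compressed=%d off=%zu misaligned=%d\n", i.proto, i.compressed, i.payload_off, i.misaligned);
    return 0;
}
```

The same check can be applied to captured traffic to find PPPoE peers that send compressed protocol fields while systems remain unpatched.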
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/0cab5d077dd1efd2bd1a47271acc35894f945b4f
- https://git.kernel.org/stable/c/2b5c3c040d020e3ab3b9a8887031202d96843b1e
- https://git.kernel.org/stable/c/49e41b60ccd1bdbe9e218420f716dd5f9a2f9c71
- https://git.kernel.org/stable/c/8a5e840babc5c0fbd10c73728a13192347771ec6
- https://git.kernel.org/stable/c/ba758fdf1399f310b30098b6faa3fd043de47dd2
- https://git.kernel.org/stable/c/cb3beef35ab5e0c1afca9fd7648c6ae499786377
- https://git.kernel.org/stable/c/cc1ff87bce1ccd38410ab10960f576dcd17db679
- https://git.kernel.org/stable/c/fcca1df05322bb04e344dd1178b54b76a08eb7c3