SB20260626113 - Out-of-bounds write in Linux kernel marvell mvpp2 driver



SB20260626113 - Out-of-bounds write in Linux kernel marvell mvpp2 driver

Published: June 26, 2026

Security Bulletin ID SB20260626113
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds write (CVE-ID: CVE-2026-53216)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to corrupt memory or cause a denial of service.

The vulnerability exists due to an out-of-bounds write in the mvpp2 XDP receive path when processing packets with XDP tail adjustment on short RX buffers. A local user can trigger bpf_xdp_adjust_tail() on a packet to corrupt memory or cause a denial of service.

The issue occurs because the XDP frame size is initialized larger than the actual backing buffer size for short BM pool buffers.


Remediation

Install update from vendor's website.