SB20260626113 - Out-of-bounds write in Linux kernel marvell mvpp2 driver
Published: June 26, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2026-53216)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to corrupt memory or cause a denial of service.
The vulnerability exists due to an out-of-bounds write in the mvpp2 XDP receive path when processing packets with XDP tail adjustment on short RX buffers. A local user can trigger bpf_xdp_adjust_tail() on a packet to corrupt memory or cause a denial of service.
The issue occurs because the XDP frame size is initialized larger than the actual backing buffer size for short BM pool buffers.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3b8b0c3631b19faee53f0d15a49924129b063eec
- https://git.kernel.org/stable/c/910617a4e67dbdd5fdb39d9dc6a51e491e1b2c3e
- https://git.kernel.org/stable/c/9545cc5ef18ca22d031f2f47c157192460652359
- https://git.kernel.org/stable/c/994bd2b58d2bd08aa97ec0836cc813cfcb00d749
- https://git.kernel.org/stable/c/a3ee9231ccec6ec3be2de89c56f897055fd9eab1
- https://git.kernel.org/stable/c/ec8e1e5842bc0dbd4c272761f4db3651eecd0339
- https://git.kernel.org/stable/c/f3c6aa078927e6fe8121c9c591ddee8716c5305a