SB2026071711 - Out-of-bounds write in Linux kernel ipv4
Published: July 17, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2026-53366)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an out-of-bounds write in __ip_append_data() when processing IPv4 packet data on the paged allocation path. A local user can trigger the faulty length calculations to cause a denial of service.
The issue occurs because fraggap bytes copied from the previous skb are placed into the new skb linear area while the allocation size does not account for those bytes.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/77798d7be6ef71e72fb6fc8a2901bf74ebc9706f
- https://git.kernel.org/stable/c/a9c24eda24bd15f432e37824e6fc440977cb241c
- https://git.kernel.org/stable/c/c04d9ece23deb9e26c19f9ca215e98b3295aa1bb
- https://git.kernel.org/stable/c/ce494707a9c07f27c219ca67f3e138061f53d9b3
- https://git.kernel.org/stable/c/eca856950f7cb1a221e02b99d758409f2c5cec42