SB2026071711 - Out-of-bounds write in Linux kernel ipv4



SB2026071711 - Out-of-bounds write in Linux kernel ipv4

Published: July 17, 2026

Security Bulletin ID SB2026071711
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds write (CVE-ID: CVE-2026-53366)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to an out-of-bounds write in __ip_append_data() when processing IPv4 packet data on the paged allocation path. A local user can trigger the faulty length calculations to cause a denial of service.

The issue occurs because fraggap bytes copied from the previous skb are placed into the new skb linear area while the allocation size does not account for those bytes.


Remediation

Install update from vendor's website.