Improper input validation in Linux kernel - CVE-2026-53003
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the PPPoE frame handling in the Linux kernel when processing PPPoE frames with a compressed protocol field. A remote attacker can send a specially crafted PPPoE frame to cause a denial of service.
The issue can trigger unaligned access exceptions on some architectures: the compressed protocol field shifts the PPP payload by one byte, so the network header is no longer 4-byte aligned.
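The alignment arithmetic described above, as an added example (not code from the kernel or from this advisory): a C classifier that reads the PPP protocol field of a PPPoE session frame, reports whether it uses the one-octet compressed form, and computes the network header offset modulo 4. The two frames are constructed samples, and RX_PAD is an assumption that the receive buffer places the Ethernet header 2 bytes past a 4-byte boundary, as kernels commonly arrange via NET_IP_ALIGN.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HLEN      14      /* dst MAC + src MAC + EtherType */
#define PPPOE_HLEN    6       /* ver/type, code, session id, length */
#define ETH_P_PPP_SES 0x8864  /* PPPoE session-stage EtherType */
#define RX_PAD        2       /* assumption: frame starts at 2 mod 4 */

/* Returns -1 if the buffer is not a parsable PPPoE session data frame,
 * otherwise the PPP protocol field length (2 = full, 1 = compressed).
 * *misalign receives the network header offset modulo 4 (0 = aligned). */
int pppoe_proto_len(const uint8_t *f, size_t len, unsigned *misalign)
{
    if (len < ETH_HLEN + PPPOE_HLEN + 1)
        return -1;
    if (((f[12] << 8) | f[13]) != ETH_P_PPP_SES)
        return -1;
    if (f[14] != 0x11 || f[15] != 0x00)   /* ver 1, type 1, code 0 */
        return -1;
    /* RFC 1661: protocol numbers end in an odd octet and start with an
     * even one, so an odd first octet means the one-octet form. */
    int plen = (f[ETH_HLEN + PPPOE_HLEN] & 1) ? 1 : 2;
    if (len < (size_t)(ETH_HLEN + PPPOE_HLEN + plen))
        return -1;
    *misalign = (RX_PAD + ETH_HLEN + PPPOE_HLEN + plen) % 4;
    return plen;
}

/* Constructed frames: zeroed MACs, session id 1, then the first two
 * bytes of an IPv4 header (0x45 0x00) as a truncated payload. */
static const uint8_t full_frame[] = {
    0,0,0,0,0,0, 0,0,0,0,0,0, 0x88,0x64,
    0x11,0x00, 0x00,0x01, 0x00,0x04, 0x00,0x21, 0x45,0x00 };
static const uint8_t pfc_frame[] = {
    0,0,0,0,0,0, 0,0,0,0,0,0, 0x88,0x64,
    0x11,0x00, 0x00,0x01, 0x00,0x03, 0x21, 0x45,0x00 };

int main(void)
{
    unsigned m = 0;
    int n = pppoe_proto_len(full_frame, sizeof full_frame, &m);
    printf("full protocol field: len=%d, header offset mod 4 = %u\n", n, m);
    n = pppoe_proto_len(pfc_frame, sizeof pfc_frame, &m);
    printf("compressed field:    len=%d, header offset mod 4 = %u\n", n, m);
    return 0;
}
```

A capture filter or IDS rule built on the same check can flag PPPoE session frames whose protocol field is compressed on hosts that have not yet taken the stable fixes listed under Sources.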
How to mitigate CVE-2026-53003
Sources
- https://git.kernel.org/stable/c/0cab5d077dd1efd2bd1a47271acc35894f945b4f
- https://git.kernel.org/stable/c/2b5c3c040d020e3ab3b9a8887031202d96843b1e
- https://git.kernel.org/stable/c/49e41b60ccd1bdbe9e218420f716dd5f9a2f9c71
- https://git.kernel.org/stable/c/8a5e840babc5c0fbd10c73728a13192347771ec6
- https://git.kernel.org/stable/c/ba758fdf1399f310b30098b6faa3fd043de47dd2
- https://git.kernel.org/stable/c/cb3beef35ab5e0c1afca9fd7648c6ae499786377
- https://git.kernel.org/stable/c/cc1ff87bce1ccd38410ab10960f576dcd17db679
- https://git.kernel.org/stable/c/fcca1df05322bb04e344dd1178b54b76a08eb7c3