Improper input validation in Linux kernel - CVE-2026-53235
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to improper input validation in skb_gro_receive_list() when processing GRO packets with non-linear skb data. A local attacker can trigger the vulnerable code path with a crafted packet state to cause a denial of service.
The issue can occur when an skb arrives via napi_gro_frags() with a zero skb_headlen and a non-zero GRO offset, leading to a BUG_ON condition in __skb_pull().
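
An added example, not taken from the kernel source or from the fix for this CVE: a userspace C model of the length check enforced in __skb_pull(), showing why a zero skb_headlen combined with a non-zero GRO offset trips it. The struct, the model_* functions, the sample sizes and the guard are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified userspace model of the two sk_buff length fields involved:
 * len = total bytes (linear head + paged data), data_len = paged bytes only.
 * Struct and function names are hypothetical, not kernel API. */
struct skb_model {
    unsigned int len;
    unsigned int data_len;
};

/* Same arithmetic as skb_headlen(): bytes in the linear area. */
static unsigned int model_headlen(const struct skb_model *skb)
{
    return skb->len - skb->data_len;
}

/* Models the invariant checked in __skb_pull(): after removing n bytes from
 * the head, len must not fall below data_len. Returns 1 if the check would
 * fire. Pulls with n > len are outside this model. */
static int model_pull_would_bug(const struct skb_model *skb, unsigned int n)
{
    return n <= skb->len && (skb->len - n) < skb->data_len;
}

/* Illustrative guard (an assumption, not the upstream fix): pull the GRO
 * offset only when it fits in the linear head. Returns 0 on success, -1 when
 * the packet state has to be rejected or handled on another path. */
static int model_guarded_pull(struct skb_model *skb, unsigned int gro_offset)
{
    if (gro_offset > model_headlen(skb))
        return -1;
    skb->len -= gro_offset;
    return 0;
}

int main(void)
{
    /* Constructed samples: 1400-byte packets, GRO offset of 40 bytes. */
    struct skb_model frags_only = { 1400, 1400 };  /* headlen 0  */
    struct skb_model with_head  = { 1400, 1360 };  /* headlen 40 */
    struct skb_model *cases[] = { &frags_only, &with_head };
    for (int i = 0; i < 2; i++) {
        unsigned int headlen = model_headlen(cases[i]);
        int bug = model_pull_would_bug(cases[i], 40);
        int rc = model_guarded_pull(cases[i], 40);
        printf("headlen=%u would_bug=%d guarded_rc=%d\n", headlen, bug, rc);
    }
    return 0;
}
```

In the model, the frags-only packet is the state the advisory describes: every byte is paged, so any non-zero pull drops len below data_len.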