Improper input validation in Linux kernel - CVE-2026-53221
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause traffic to be associated with the wrong tunnel.
The vulnerability exists due to improper input validation in vti6_tnl_lookup() when matching IPv6 VTI tunnels during fallback wildcard tunnel searches. A remote attacker can send network traffic that triggers a hash collision and incorrect tunnel selection to cause traffic to be associated with the wrong tunnel.
The issue occurs because candidate tunnels found during the fallback search are not verified to actually use a wildcard local or remote address.
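A simplified user-space model of the fallback search described above, added here as an example and not taken from the kernel source or the referenced commits. The 4-bucket hash, the struct layout, the addresses and all function names are assumptions; `check_wildcard` switches between the missing verification and the corrected lookup.

```c
/* Added user-space model, not kernel code; hash, structs and names are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct addr { uint8_t b[16]; };
struct tnl { const char *name; struct addr laddr, raddr; struct tnl *next; };
#define NBUCKETS 4
static struct tnl *buckets[NBUCKETS];
static const struct addr any = {{0}};        /* all-zero wildcard address */
static int addr_eq(const struct addr *a, const struct addr *b) { return !memcmp(a, b, sizeof(*a)); }
static unsigned hash(const struct addr *r, const struct addr *l) { return (r->b[15] ^ l->b[15]) % NBUCKETS; }
static struct addr mk(uint8_t last) {        /* constructed 2001:db8::<last> */
    struct addr a = {{0x20, 0x01, 0x0d, 0xb8}};
    a.b[15] = last;
    return a;
}
static void tnl_add(struct tnl *t) {
    unsigned h = hash(&t->raddr, &t->laddr);
    t->next = buckets[h];
    buckets[h] = t;
}

/* check_wildcard = 0 models the missing verification, 1 the corrected lookup. */
static struct tnl *lookup(const struct addr *remote, const struct addr *local, int check_wildcard) {
    struct tnl *t;
    for (t = buckets[hash(remote, local)]; t; t = t->next)   /* exact match */
        if (addr_eq(local, &t->laddr) && addr_eq(remote, &t->raddr)) return t;
    for (t = buckets[hash(&any, local)]; t; t = t->next)     /* fallback: wildcard remote */
        if (addr_eq(local, &t->laddr) && (!check_wildcard || addr_eq(&t->raddr, &any))) return t;
    for (t = buckets[hash(remote, &any)]; t; t = t->next)    /* fallback: wildcard local */
        if (addr_eq(remote, &t->raddr) && (!check_wildcard || addr_eq(&t->laddr, &any))) return t;
    return NULL;
}

/* Constructed scenario: tunnel "A" is bound to peer ::4 but lands in the same
 * bucket as the wildcard-remote key for local ::1; "W" is a real wildcard tunnel. */
static const char *select_tunnel(uint8_t remote_last, uint8_t local_last, int check_wildcard) {
    static struct tnl a, w;
    struct addr r = mk(remote_last), l = mk(local_last);
    memset(buckets, 0, sizeof(buckets));
    a = (struct tnl){ "A", mk(1), mk(4), NULL };   /* laddr ::1, raddr ::4 */
    w = (struct tnl){ "W", mk(3), any, NULL };     /* laddr ::3, raddr wildcard */
    tnl_add(&a); tnl_add(&w);
    struct tnl *t = lookup(&r, &l, check_wildcard);
    return t ? t->name : "none";
}

int main(void) { printf("unchecked: %s, checked: %s\n", select_tunnel(2, 1, 0), select_tunnel(2, 1, 1)); return 0; }
```

In the model, traffic from peer `::2` to local `::1` is attributed to tunnel A when the wildcard check is absent, and to no tunnel once the check is applied; the genuine wildcard tunnel W is selected in both modes.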
How to mitigate CVE-2026-53221
Sources
- https://git.kernel.org/stable/c/2abfb19bbb81958714ad1d43ebeb65b30394184b
- https://git.kernel.org/stable/c/2fc7bc087cc7085368263d9d37bfe9a0bddd6a2d
- https://git.kernel.org/stable/c/47fb3c2b4203556308e64354b3e78f2ce221d646
- https://git.kernel.org/stable/c/90fd4513315ca07da99cfd8549d3e553a7160f0d
- https://git.kernel.org/stable/c/a5c0359f5cbc51a2e2b114d6041e0f3c73f903e9
- https://git.kernel.org/stable/c/c327fa4fca31415431202e063767a7ae342e19c6
- https://git.kernel.org/stable/c/f513f308cc4bdb4530d033431592ffbc29b7fca1
- https://git.kernel.org/stable/c/fc657ac0767c49839b3ef0b08dc0953ca30883f8