CVE-2026-23254

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: gro: fix outer network offset<br /> <br /> The udp GRO complete stage assumes that all the packets inserted the RX<br /> have the `encapsulation` flag zeroed. Such assumption is not true, as a<br /> few H/W NICs can set such flag when H/W offloading the checksum for<br /> an UDP encapsulated traffic, the tun driver can inject GSO packets with<br /> UDP encapsulation and the problematic layout can also be created via<br /> a veth based setup.<br /> <br /> Due to the above, in the problematic scenarios, udp4_gro_complete() uses<br /> the wrong network offset (inner instead of outer) to compute the outer<br /> UDP header pseudo checksum, leading to csum validation errors later on<br /> in packet processing.<br /> <br /> Address the issue always clearing the encapsulation flag at GRO completion<br /> time. Such flag will be set again as needed for encapsulated packets by<br /> udp_gro_complete().