CVE-2026-53366
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/07/2026
Last modified:
16/07/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ipv4: account for fraggap on the paged allocation path<br />
<br />
In __ip_append_data(), when the paged-allocation branch is taken,<br />
alloclen and pagedlen are computed as<br />
<br />
alloclen = fragheaderlen + transhdrlen;<br />
pagedlen = datalen - transhdrlen;<br />
<br />
datalen already includes fraggap, but the fraggap bytes carried over<br />
from the previous skb are copied into the new skb&#39;s linear area at<br />
offset transhdrlen by the subsequent skb_copy_and_csum_bits(). The<br />
linear area is therefore undersized by fraggap bytes while pagedlen is<br />
overstated by the same amount.<br />
<br />
The non-paged branch sets alloclen to fraglen, which already accounts<br />
for fraggap because datalen does. Bring the paged branch in line by<br />
adding fraggap to alloclen and subtracting it from pagedlen.<br />
<br />
After this adjustment, copy no longer collapses to -fraggap on the<br />
paged path, so remove the stale comment describing that old arithmetic.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/77798d7be6ef71e72fb6fc8a2901bf74ebc9706f
- https://git.kernel.org/stable/c/a9c24eda24bd15f432e37824e6fc440977cb241c
- https://git.kernel.org/stable/c/c04d9ece23deb9e26c19f9ca215e98b3295aa1bb
- https://git.kernel.org/stable/c/ce494707a9c07f27c219ca67f3e138061f53d9b3
- https://git.kernel.org/stable/c/eca856950f7cb1a221e02b99d758409f2c5cec42



