CVE-2026-53366

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/07/2026
Last modified:
16/07/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ipv4: account for fraggap on the paged allocation path<br /> <br /> In __ip_append_data(), when the paged-allocation branch is taken,<br /> alloclen and pagedlen are computed as<br /> <br /> alloclen = fragheaderlen + transhdrlen;<br /> pagedlen = datalen - transhdrlen;<br /> <br /> datalen already includes fraggap, but the fraggap bytes carried over<br /> from the previous skb are copied into the new skb&amp;#39;s linear area at<br /> offset transhdrlen by the subsequent skb_copy_and_csum_bits(). The<br /> linear area is therefore undersized by fraggap bytes while pagedlen is<br /> overstated by the same amount.<br /> <br /> The non-paged branch sets alloclen to fraglen, which already accounts<br /> for fraggap because datalen does. Bring the paged branch in line by<br /> adding fraggap to alloclen and subtracting it from pagedlen.<br /> <br /> After this adjustment, copy no longer collapses to -fraggap on the<br /> paged path, so remove the stale comment describing that old arithmetic.

Impact