CVE-2026-53131EXPLOITEDPATCHED

linux · linux kernel

netfilter: require Ethernet MAC header before using eth_hdr()

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: require Ethernet MAC header before using eth_hdr() `ip6t_eui64`, `xt_mac`, the `bitmap:ip,mac`, `hash:ip,mac`, and `hash:mac` ipset types, and `nf_log_syslog` access `eth_hdr(skb)` after either assuming that the skb is associated with an Ethernet device or checking only that the `ETH_HLEN` bytes at `skb_mac_header(skb)` lie between `skb->head` and `skb->data`. Make these paths first verify that the skb is associated with an Ethernet device, that the MAC header was set, and that it spans at least a full Ethernet header before accessing `eth_hdr(skb)`.

Affected Products

Vendor	Product	Versions
linux	linux kernel	1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 0, 0, 0, 0, 0, 0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
linux	linux	mitre_affected	90%

References

Related News (3 articles)

Tier A

Microsoft MSRC2h ago

CVE-2026-53131 netfilter: require Ethernet MAC header before using eth_hdr()

→ No new info (linked only)

Tier C

VulDB3d ago

CVE-2026-53131 | Linux Kernel up to 7.0.12 netfilter eth_hdr head privilege escalation

→ No new info (linked only)

Tier C

Linux Kernel CVEs3d ago

CVE-2026-53131: netfilter: require Ethernet MAC header before using eth_hdr()

→ No new info (linked only)

CVSS 3.19.4 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

4435888e1bf139d2bfe5911643d4217382136743063f43361e884acd7300790e90194430275d0d0c726abf97566867f808fec9d8a408eb9698bd570a367abcacc13a8e2e7624408b7f593bd1e60e49d95d634afb8b83b49de562792fd0d047416a43bd4dcea435ea7e868ea6fdf039bc4f2090c1d829b55662443dc21114c0bbc476fa62973db89743f2f1375.15.2106.1.1766.6.1436.12.946.18.367.0.137.1

PublishedJun 25, 2026

Last enriched3d agov3

Trending Score65

Source articles3

Independent3

Info Completeness7/14

Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-31431EXPKEV

crypto: algif_aead - Revert to operating out-of-place

Trending: 111

HIGHCVE-2026-43284EXPKEV

xfrm: esp: avoid in-place decrypt on shared skb frags

Trending: 106

HIGHCVE-2026-43500EXPKEV

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

Trending: 100

HIGHCVE-2026-46243EXP

smb: client: reject userspace cifs.spnego descriptions

Trending: 86

HIGHCVE-2026-46333EXP

ptrace: slightly saner 'get_dumpable()' logic

Trending: 70

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 25, 2026

Discovered by ZDM

Jun 25, 2026

Updated: affectedVersions

Jun 25, 2026

Updated: severity, affectedVersions, activelyExploited

Jun 25, 2026

Actively Exploited

Jun 28, 2026

Patch Available

Jun 28, 2026

Version History

Last enriched 3d ago

v3Tier C3d ago

Updated severity to CRITICAL, added affected version 7.0.12, and noted that no exploit is available.

severityaffectedVersionsactivelyExploited

via VulDB

v2Tier C3d ago

Updated description with more technical detail, added affected versions, changed severity to HIGH, and marked exploit availability and active exploitation as true.

affectedVersions

via Linux Kernel CVEs

v13d ago

Initial creation