CVE-2026-53091
In the Linux kernel, the following vulnerability has been resolved:

net: pull headers in qdisc_pkt_len_segs_init()

Most ndo_start_xmit() methods expect headers of gso packets to be already in skb->head.

net/core/tso.c users are particularly at risk, because tso_build_hdr() does a memcpy(hdr, skb->data, hdr_len);

qdisc_pkt_len_segs_init() already does a dissection of gso packets.

Use pskb_may_pull() instead of skb_header_pointer() to make sure drivers do not have to reimplement this.

Some malicious packets could be fed; detect them so that we can drop them sooner with a new SKB_DROP_REASON_SKB_BAD_GSO drop_reason.
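The difference between the two helpers named in the commit message, as an added userspace model in C (not kernel code and not part of the fix): a view-only dissection leaves the headers outside the linear area, while pulling makes them linear or rejects a packet that is too short. The names toy_skb, toy_header_pointer, toy_may_pull and toy_dissect are hypothetical, and the byte counts passed to toy_dissect are constructed samples.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Toy userspace model, not kernel code: packet bytes are split between a
 * linear area (like skb->head) and one paged fragment. */
struct toy_skb {
    unsigned char head[64];
    size_t headlen, fraglen;   /* linear bytes, non-linear bytes */
    const unsigned char *frag;
};

/* Like skb_header_pointer(): readable view of len bytes; packet unchanged. */
static const unsigned char *toy_header_pointer(const struct toy_skb *s,
                                               size_t len, unsigned char *buf)
{
    if (len <= s->headlen)
        return s->head;
    if (len > s->headlen + s->fraglen)
        return NULL;
    memcpy(buf, s->head, s->headlen);
    memcpy(buf + s->headlen, s->frag, len - s->headlen);
    return buf;
}

/* Like pskb_may_pull(): makes len bytes linear, or fails if too short. */
static bool toy_may_pull(struct toy_skb *s, size_t len)
{
    size_t need = len > s->headlen ? len - s->headlen : 0;
    if (need > s->fraglen || len > sizeof(s->head))
        return false;
    memcpy(s->head + s->headlen, s->frag, need);
    s->frag += need;
    s->fraglen -= need;
    s->headlen += need;
    return true;
}

/* Constructed packet. Returns 1 if a later memcpy(hdr, data, hlen) stays in
 * the linear area, 0 if it would run past it, -1 if rejected up front. */
int toy_dissect(size_t linear, size_t paged, size_t hlen, bool pull)
{
    static const unsigned char bytes[64] = {0};
    unsigned char tmp[64];
    struct toy_skb s = { .headlen = linear, .fraglen = paged, .frag = bytes };
    bool ok = linear <= 64 && paged <= 64 && hlen <= 64;
    if (ok)
        ok = pull ? toy_may_pull(&s, hlen) : toy_header_pointer(&s, hlen, tmp) != NULL;
    return ok ? hlen <= s.headlen : -1;
}
```

With 54 header bytes of which 14 are linear, toy_dissect(14, 40, 54, false) returns 0 and toy_dissect(14, 40, 54, true) returns 1; a packet holding only 30 bytes is rejected with -1 in both modes.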
Affected versions
Linux kernel versions 3.16 and later are affected. Fixed in 7.0.10, 7.1 and their respective stable series.
Frequently asked questions
- What is CVE-2026-53091?
CVE-2026-53091 is a Linux kernel vulnerability with no severity score assigned. It affects Linux kernel versions from 3.16 onward and has been patched in 7.0.10 and 7.1. CVE-2026-53091 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2026-53091?
Yes — CVE-2026-53091 has been patched. Fixed versions include 7.0.10 and 7.1. If you are running Linux kernel 3.16 or later up to the fix versions, apply the relevant patch for your kernel branch.
- Is CVE-2026-53091 actively exploited?
No — CVE-2026-53091 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.