Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-43092

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-06 May, 2026 | 07:40
Updated At-06 May, 2026 | 07:40
Rejected At-
Credits

xsk: validate MTU against usable frame size on bind

In the Linux kernel, the following vulnerability has been resolved: xsk: validate MTU against usable frame size on bind AF_XDP bind currently accepts zero-copy pool configurations without verifying that the device MTU fits into the usable frame space provided by the UMEM chunk. This becomes a problem since we started to respect tailroom which is subtracted from chunk_size (among with headroom). 2k chunk size might not provide enough space for standard 1500 MTU, so let us catch such settings at bind time. Furthermore, validate whether underlying HW will be able to satisfy configured MTU wrt XSK's frame size multiplied by supported Rx buffer chain length (that is exposed via net_device::xdp_zc_max_segs).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:06 May, 2026 | 07:40
Updated At:06 May, 2026 | 07:40
Rejected At:
▼CVE Numbering Authority (CNA)
xsk: validate MTU against usable frame size on bind

In the Linux kernel, the following vulnerability has been resolved: xsk: validate MTU against usable frame size on bind AF_XDP bind currently accepts zero-copy pool configurations without verifying that the device MTU fits into the usable frame space provided by the UMEM chunk. This becomes a problem since we started to respect tailroom which is subtracted from chunk_size (among with headroom). 2k chunk size might not provide enough space for standard 1500 MTU, so let us catch such settings at bind time. Furthermore, validate whether underlying HW will be able to satisfy configured MTU wrt XSK's frame size multiplied by supported Rx buffer chain length (that is exposed via net_device::xdp_zc_max_segs).

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/xdp/xsk_buff_pool.c
Default Status
unaffected
Versions
Affected
  • From 24ea50127ecf0efe819c1f6230add27abc6ca9d9 before a55793e5a97d4e39bdb380873a9780fe0010bff6 (git)
  • From 24ea50127ecf0efe819c1f6230add27abc6ca9d9 before f669d60db11dbabb96279f2b20f9d1cba43cddb2 (git)
  • From 24ea50127ecf0efe819c1f6230add27abc6ca9d9 before 25e1e91a8da819924df0b16e3812d7b24c8ce133 (git)
  • From 24ea50127ecf0efe819c1f6230add27abc6ca9d9 before b2f4daa6422fd6cc0cec969794dab4a88ea4cea1 (git)
  • From 24ea50127ecf0efe819c1f6230add27abc6ca9d9 before 36ee60b569ba0dfb6f961333b90d19ab5b323fa9 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/xdp/xsk_buff_pool.c
Default Status
affected
Versions
Affected
  • 6.6
Unaffected
  • From 0 before 6.6 (semver)
  • From 6.6.136 through 6.6.* (semver)
  • From 6.12.83 through 6.12.* (semver)
  • From 6.18.24 through 6.18.* (semver)
  • From 6.19.14 through 6.19.* (semver)
  • From 7.0 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/a55793e5a97d4e39bdb380873a9780fe0010bff6
N/A
https://git.kernel.org/stable/c/f669d60db11dbabb96279f2b20f9d1cba43cddb2
N/A
https://git.kernel.org/stable/c/25e1e91a8da819924df0b16e3812d7b24c8ce133
N/A
https://git.kernel.org/stable/c/b2f4daa6422fd6cc0cec969794dab4a88ea4cea1
N/A
https://git.kernel.org/stable/c/36ee60b569ba0dfb6f961333b90d19ab5b323fa9
N/A
Hyperlink: https://git.kernel.org/stable/c/a55793e5a97d4e39bdb380873a9780fe0010bff6
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/f669d60db11dbabb96279f2b20f9d1cba43cddb2
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/25e1e91a8da819924df0b16e3812d7b24c8ce133
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/b2f4daa6422fd6cc0cec969794dab4a88ea4cea1
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/36ee60b569ba0dfb6f961333b90d19ab5b323fa9
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:06 May, 2026 | 10:16
Updated At:06 May, 2026 | 10:16

In the Linux kernel, the following vulnerability has been resolved: xsk: validate MTU against usable frame size on bind AF_XDP bind currently accepts zero-copy pool configurations without verifying that the device MTU fits into the usable frame space provided by the UMEM chunk. This becomes a problem since we started to respect tailroom which is subtracted from chunk_size (among with headroom). 2k chunk size might not provide enough space for standard 1500 MTU, so let us catch such settings at bind time. Furthermore, validate whether underlying HW will be able to satisfy configured MTU wrt XSK's frame size multiplied by supported Rx buffer chain length (that is exposed via net_device::xdp_zc_max_segs).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
CPE Matches
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/25e1e91a8da819924df0b16e3812d7b24c8ce133416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/36ee60b569ba0dfb6f961333b90d19ab5b323fa9416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/a55793e5a97d4e39bdb380873a9780fe0010bff6416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/b2f4daa6422fd6cc0cec969794dab4a88ea4cea1416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/f669d60db11dbabb96279f2b20f9d1cba43cddb2416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
Hyperlink: https://git.kernel.org/stable/c/25e1e91a8da819924df0b16e3812d7b24c8ce133
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/36ee60b569ba0dfb6f961333b90d19ab5b323fa9
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/a55793e5a97d4e39bdb380873a9780fe0010bff6
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/b2f4daa6422fd6cc0cec969794dab4a88ea4cea1
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/f669d60db11dbabb96279f2b20f9d1cba43cddb2
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found