CVE-2026-23254
Description
In the Linux kernel, the following vulnerability has been resolved:

net: gro: fix outer network offset

The udp GRO complete stage assumes that all the packets inserted in the RX have the `encapsulation` flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading the checksum for a UDP encapsulated traffic, the tun driver can inject GSO packets with UDP encapsulation and the problematic layout can also be created via a veth based setup.

Due to the above, in the problematic scenarios, udp4_gro_complete() uses the wrong network offset (inner instead of outer) to compute the outer UDP header pseudo checksum, leading to csum validation errors later on in packet processing.

Address the issue by always clearing the encapsulation flag at GRO completion time. Such flag will be set again as needed for encapsulated packets by udp_gro_complete().
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
OS impact
Linux kernel Affected 3 releases
| Version | Status | Fixed in |
|---|---|---|
| 6.9 | Affected | - |
| 6.19 | Affected | - |
| - | Affected | 6.6.124 |
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.12.73-1 |
| sid | Fixed | 6.18.10-1 |
| forky | Fixed | 6.18.10-1 |
| bullseye | Fixed | 0 |
| bookworm | Fixed | 0 |
References
- https://www.suse.com/security/cve/CVE-2026-23254.html
- https://security-tracker.debian.org/tracker/CVE-2026-23254
- https://git.kernel.org/stable/c/2e5edb69e5d0e23ef248c56fc977039268c77a7b
- https://git.kernel.org/stable/c/5c2c3c38be396257a6a2e55bd601a12bb9781507
- https://git.kernel.org/stable/c/9d40a85138568696387ef04cd004c64612a70874
- https://git.kernel.org/stable/c/b83557bc6f560433fe5d727e241069f8db5ba709