{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43057", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:55.981Z", "datePublished": "2026-05-01T14:15:49.551Z", "dateUpdated": "2026-05-03T05:46:27.947Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-03T05:46:27.947Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: correctly handle tunneled traffic on IPV6_CSUM GSO fallback\n\nNETIF_F_IPV6_CSUM only advertises support for checksum offload of\npackets without IPv6 extension headers. Packets with extension\nheaders must fall back onto software checksumming. Since TSO\ndepends on checksum offload, those must revert to GSO.\n\nThe below commit introduces that fallback. It always checks\nnetwork header length. For tunneled packets, the inner header length\nmust be checked instead. Extend the check accordingly.\n\nA special case is tunneled packets without inner IP protocol. Such as\nRFC 6951 SCTP in UDP. Those are not standard IPv6 followed by\ntransport header either, so also must revert to the software GSO path."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/dev.c"], "versions": [{"version": "a0478d7e888028f85fa7785ea838ce0ca09398e2", "lessThan": "2094a7cf91b71367b649f991aacc7b579f793d0b", "status": "affected", "versionType": "git"}, {"version": "2156d9e9f2e483c8c3906c0ea57ea312c1424235", "lessThan": "ed71cf465c75f5688b07a35d373cd1d6b589c8ea", "status": "affected", "versionType": "git"}, {"version": "041e2f945f82fdbd6fff577b79c33469430297aa", "lessThan": "33670f780e0120c3dacda188c512bbffe0b6044c", "status": "affected", "versionType": "git"}, {"version": "864e3396976ef41de6cc7bc366276bf4e084fff2", "lessThan": "a98b78116a27e2a57b696b569b2cb431c95cf9b6", "status": "affected", "versionType": "git"}, {"version": "864e3396976ef41de6cc7bc366276bf4e084fff2", "lessThan": "732fdeb2987c94b439d51f5cb9addddc2fc48c42", "status": "affected", "versionType": "git"}, {"version": "864e3396976ef41de6cc7bc366276bf4e084fff2", "lessThan": "c4336a07eb6b2526dc2b62928b5104b41a7f81f5", "status": "affected", "versionType": "git"}, {"version": "794ddbb7b63b6828c75967b9bcd43b086716e7a1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/dev.c"], "versions": [{"version": "6.17", "status": "affected"}, {"version": "0", "lessThan": "6.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.168", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.134", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.81", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.22", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.12", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.149", "versionEndExcluding": "6.1.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.103", "versionEndExcluding": "6.6.134"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.44", "versionEndExcluding": "6.12.81"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.18.22"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.19.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "7.0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2094a7cf91b71367b649f991aacc7b579f793d0b"}, {"url": "https://git.kernel.org/stable/c/ed71cf465c75f5688b07a35d373cd1d6b589c8ea"}, {"url": "https://git.kernel.org/stable/c/33670f780e0120c3dacda188c512bbffe0b6044c"}, {"url": "https://git.kernel.org/stable/c/a98b78116a27e2a57b696b569b2cb431c95cf9b6"}, {"url": "https://git.kernel.org/stable/c/732fdeb2987c94b439d51f5cb9addddc2fc48c42"}, {"url": "https://git.kernel.org/stable/c/c4336a07eb6b2526dc2b62928b5104b41a7f81f5"}], "title": "net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: correctly handle tunneled traffic on IPV6_CSUM GSO fallback\n\nNETIF_F_IPV6_CSUM only advertises support for checksum offload of\npackets without IPv6 extension headers. Packets with extension\nheaders must fall back onto software checksumming. Since TSO\ndepends on checksum offload, those must revert to GSO.\n\nThe below commit introduces that fallback. It always checks\nnetwork header length. For tunneled packets, the inner header length\nmust be checked instead. Extend the check accordingly.\n\nA special case is tunneled packets without inner IP protocol. Such as\nRFC 6951 SCTP in UDP. Those are not standard IPv6 followed by\ntransport header either, so also must revert to the software GSO path."}], "id": "CVE-2026-43057", "lastModified": "2026-05-03T07:16:24.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}]}, "published": "2026-05-01T15:16:52.260", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2094a7cf91b71367b649f991aacc7b579f793d0b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/33670f780e0120c3dacda188c512bbffe0b6044c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/732fdeb2987c94b439d51f5cb9addddc2fc48c42"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a98b78116a27e2a57b696b569b2cb431c95cf9b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c4336a07eb6b2526dc2b62928b5104b41a7f81f5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ed71cf465c75f5688b07a35d373cd1d6b589c8ea"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback", "id": "2464420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464420"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-358", "details": ["A flaw was found in the Linux kernel's networking subsystem. Incorrect handling of tunneled IPv6 traffic, specifically when processing packets with IPv6 extension headers or without an inner IP protocol, can cause the system to improperly revert to a software processing path. This issue may lead to a denial of service due to degraded network performance or dropped packets."], "name": "CVE-2026-43057", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-43057\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43057\nhttps://lore.kernel.org/linux-cve-announce/2026050108-CVE-2026-43057-4807@gregkh/T"], "threat_severity": "Moderate"}