| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026012350-CVE-2026-22988-1ee5@gregkh> Date: Fri, 23 Jan 2026 16:24:59 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2026-22988: arp: do not assume dev_hard_header() does not change skb->head From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: arp: do not assume dev_hard_header() does not change skb->head arp_create() is the only dev_hard_header() caller making assumption about skb->head being unchanged. A recent commit broke this assumption. Initialize @arp pointer after dev_hard_header() call. The Linux kernel CVE team has assigned CVE-2026-22988 to this issue. Affected and fixed versions =========================== Issue introduced in 6.1.160 with commit adee129db814474f2f81207bd182bf343832a52e and fixed in 6.1.161 with commit 70bddc16491ef4681f3569b3a2c80309a3edcdd1 Issue introduced in 6.6.120 with commit 1717357007db150c2d703f13f5695460e960f26c and fixed in 6.6.121 with commit 029935507d0af6553c45380fbf6feecf756fd226 Issue introduced in 6.12.64 with commit 5fe210533e3459197eabfdbf97327dacbdc04d60 and fixed in 6.12.66 with commit dd6ccec088adff4bdf33e2b2dd102df20a7128fa Issue introduced in 6.18.4 with commit 91a2b25be07ce1a7549ceebbe82017551d2eec92 and fixed in 6.18.6 with commit 949647e7771a4a01963fe953a96d81fba7acecf3 Issue introduced in 6.19-rc4 with commit db5b4e39c4e63700c68a7e65fc4e1f1375273476 and fixed in 6.19-rc5 with commit c92510f5e3f82ba11c95991824a41e59a9c5ed81 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2026-22988 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/ipv4/arp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/e432dbff342b95fe44645f9a90fcf333c80f4b5e https://git.kernel.org/stable/c/393525dee5c39acff8d6705275d7fcaabcfb7f0a https://git.kernel.org/stable/c/70bddc16491ef4681f3569b3a2c80309a3edcdd1 https://git.kernel.org/stable/c/029935507d0af6553c45380fbf6feecf756fd226 https://git.kernel.org/stable/c/dd6ccec088adff4bdf33e2b2dd102df20a7128fa https://git.kernel.org/stable/c/949647e7771a4a01963fe953a96d81fba7acecf3 https://git.kernel.org/stable/c/c92510f5e3f82ba11c95991824a41e59a9c5ed81
Powered by blists - more mailing lists