Bug 2498986 (CVE-2026-53363) - CVE-2026-53363 kernel: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags()
Summary: CVE-2026-53363 kernel: xfrm: iptfs: preserve shared-frag marker in iptfs_cons...
Keywords:
Status: NEW
Alias: CVE-2026-53363
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-10 13:02 UTC by OSIDB Bzimport
Modified: 2026-07-10 16:55 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-10 13:02:24 UTC
In the Linux kernel, the following vulnerability has been resolved:

xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags()

iptfs_consume_frags() transfers paged fragments from one socket buffer
to another but fails to propagate the SKBFL_SHARED_FRAG flag. This is
the same class of bug that was fixed in skb_try_coalesce() for
CVE-2026-46300: when fragments backed by read-only page-cache pages are
merged, the marker indicating their shared nature must be preserved so
that ESP can decide correctly whether in-place encryption is safe.

Apply the same two-line fix used in skb_try_coalesce() to
iptfs_consume_frags().


Note You need to log in before you can comment on or make changes to this bug.