2464420 – (CVE-2026-43057) CVE-2026-43057 kernel: net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback

Bug 2464420 (CVE-2026-43057) - CVE-2026-43057 kernel: net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback

Summary: CVE-2026-43057 kernel: net: correctly handle tunneled traffic on IPV6_CSUM GS...

Keywords:
Status:	NEW
Alias:	CVE-2026-43057
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-01 15:05 UTC by OSIDB Bzimport
Modified:	2026-05-01 19:10 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-01 15:05:52 UTC

In the Linux kernel, the following vulnerability has been resolved:

net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback

NETIF_F_IPV6_CSUM only advertises support for checksum offload of
packets without IPv6 extension headers. Packets with extension
headers must fall back onto software checksumming. Since TSO
depends on checksum offload, those must revert to GSO.

The below commit introduces that fallback. It always checks
network header length. For tunneled packets, the inner header length
must be checked instead. Extend the check accordingly.

A special case is tunneled packets without inner IP protocol. Such as
RFC 6951 SCTP in UDP. Those are not standard IPv6 followed by
transport header either, so also must revert to the software GSO path.

Comment 1 Keith Grant 2026-05-01 19:06:36 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050108-CVE-2026-43057-4807@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.