Bug 2492828 (CVE-2026-53238) - CVE-2026-53238 kernel: netlabel: validate unlabeled address and mask attribute lengths
Keywords:
Status: NEW
Alias: CVE-2026-53238
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2026-06-25 10:07 UTC by OSIDB Bzimport
Modified: 2026-06-29 14:28 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-06-25 10:07:54 UTC
In the Linux kernel, the following vulnerability has been resolved:

netlabel: validate unlabeled address and mask attribute lengths

netlbl_unlabel_addrinfo_get() used the address attribute length to
determine whether the attribute data could be read as an IPv4 or IPv6
address, but did not independently validate the corresponding mask
attribute length.  A crafted Generic Netlink request could therefore
provide a valid IPv4/IPv6 address attribute with a shorter mask
attribute, which would later be read as a full struct in_addr or
struct in6_addr.

NLA_BINARY policy lengths are maximum lengths by default, so use
NLA_POLICY_EXACT_LEN() for the unlabeled IPv4/IPv6 address and mask
attributes.  This rejects short attributes during policy validation and
also exposes the exact length requirements through policy introspection.
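
The difference between a maximum-length and an exact-length attribute policy, shown as an added user-space C model (not kernel code and not part of this bug report). The enum, struct and function names and the sample requests are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only: every name here is hypothetical, not a kernel symbol. */
enum attr_type { ATTR_IPV4ADDR, ATTR_IPV4MASK, ATTR_IPV6ADDR, ATTR_IPV6MASK, ATTR_MAX };
enum len_rule { LEN_MAX, LEN_EXACT };  /* binary-attribute default vs. exact length */

struct attr { enum attr_type type; size_t len; const uint8_t *data; };
struct policy { enum len_rule rule; size_t len; };

/* Before the fix, per the description: the policy length is only an upper bound. */
static const struct policy policy_max[ATTR_MAX] = {
    [ATTR_IPV4ADDR] = { LEN_MAX, 4 },  [ATTR_IPV4MASK] = { LEN_MAX, 4 },
    [ATTR_IPV6ADDR] = { LEN_MAX, 16 }, [ATTR_IPV6MASK] = { LEN_MAX, 16 },
};
/* After the fix: address and mask must be exactly 4 (IPv4) or 16 (IPv6) bytes. */
static const struct policy policy_exact[ATTR_MAX] = {
    [ATTR_IPV4ADDR] = { LEN_EXACT, 4 },  [ATTR_IPV4MASK] = { LEN_EXACT, 4 },
    [ATTR_IPV6ADDR] = { LEN_EXACT, 16 }, [ATTR_IPV6MASK] = { LEN_EXACT, 16 },
};

/* Returns 0 when every attribute satisfies the policy, -1 otherwise. */
static int validate(const struct attr *attrs, size_t n, const struct policy *pol)
{
    for (size_t i = 0; i < n; i++) {
        if (attrs[i].type >= ATTR_MAX)
            return -1;
        const struct policy *p = &pol[attrs[i].type];
        if (p->rule == LEN_EXACT ? attrs[i].len != p->len : attrs[i].len > p->len)
            return -1;
    }
    return 0;
}

/* Constructed requests: one with a 2-byte mask, one with a full 4-byte mask. */
static const uint8_t addr4[4] = { 192, 0, 2, 1 };
static const uint8_t short_mask[2] = { 255, 255 };
static const uint8_t full_mask[4] = { 255, 255, 255, 0 };
static const struct attr short_req[2] = {
    { ATTR_IPV4ADDR, sizeof(addr4), addr4 }, { ATTR_IPV4MASK, sizeof(short_mask), short_mask } };
static const struct attr good_req[2] = {
    { ATTR_IPV4ADDR, sizeof(addr4), addr4 }, { ATTR_IPV4MASK, sizeof(full_mask), full_mask } };

int main(void)
{
    printf("short mask, max-length policy:   %d\n", validate(short_req, 2, policy_max));
    printf("short mask, exact-length policy: %d\n", validate(short_req, 2, policy_exact));
    printf("full mask,  exact-length policy: %d\n", validate(good_req, 2, policy_exact));
    return 0;
}
```

Under the maximum-length policy the 2-byte mask passes validation, so a later 4-byte read of it would run past the attribute data; the exact-length policy rejects the request before any consumer sees it.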

Comment 1 Mauro Matteo Cascella 2026-06-29 14:27:52 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026062510-CVE-2026-53238-06fb@gregkh/T

