CVE-2026-53238

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved:

netlabel: validate unlabeled address and mask attribute lengths

netlbl_unlabel_addrinfo_get() used the address attribute length to
determine whether the attribute data could be read as an IPv4 or IPv6
address, but did not independently validate the corresponding mask
attribute length. A crafted Generic Netlink request could therefore
provide a valid IPv4/IPv6 address attribute with a shorter mask
attribute, which would later be read as a full struct in_addr or
struct in6_addr.

NLA_BINARY policy lengths are maximum lengths by default, so use
NLA_POLICY_EXACT_LEN() for the unlabeled IPv4/IPv6 address and mask
attributes. This rejects short attributes during policy validation and
also exposes the exact length requirements through policy introspection.

Vulnerability Details

Published Date

June 25, 2026

Last Modified

June 25, 2026

Source

NVD

Vendor

Linux

Product

Linux

External References

https://git.kernel.org/stable/c/07a18f5c90dd3d586b73242f5a5bbf0a72f2fdc6
https://git.kernel.org/stable/c/0c4bb32ad7fdc2dc6a8050f41eb04d4bda56b6c8
https://git.kernel.org/stable/c/672f0f3b8f875ffe6525a37847eafa7648c4c0c6
https://git.kernel.org/stable/c/71c52da13c3737493b42d20d9f33de34e03b3156
https://git.kernel.org/stable/c/95bda3eac0b1454c2cee98d58d9ba6dd8391e843
https://git.kernel.org/stable/c/975a84fd741440853380d37465b6e226cf47254c
https://git.kernel.org/stable/c/9772589b57e44aedc240211c5c3f7a684a034d3a
https://git.kernel.org/stable/c/ccfe292a966079c61ea68a2da303b2a336170993

CVE-2026-53238

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment