{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43057", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:55.981Z", "datePublished": "2026-05-01T14:15:49.551Z", "dateUpdated": "2026-05-01T14:15:49.551Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-01T14:15:49.551Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: correctly handle tunneled traffic on IPV6_CSUM GSO fallback\n\nNETIF_F_IPV6_CSUM only advertises support for checksum offload of\npackets without IPv6 extension headers. Packets with extension\nheaders must fall back onto software checksumming. Since TSO\ndepends on checksum offload, those must revert to GSO.\n\nThe below commit introduces that fallback. It always checks\nnetwork header length. For tunneled packets, the inner header length\nmust be checked instead. Extend the check accordingly.\n\nA special case is tunneled packets without inner IP protocol. Such as\nRFC 6951 SCTP in UDP. Those are not standard IPv6 followed by\ntransport header either, so also must revert to the software GSO path."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/dev.c"], "versions": [{"version": "a0478d7e888028f85fa7785ea838ce0ca09398e2", "lessThan": "2094a7cf91b71367b649f991aacc7b579f793d0b", "status": "affected", "versionType": "git"}, {"version": "2156d9e9f2e483c8c3906c0ea57ea312c1424235", "lessThan": "ed71cf465c75f5688b07a35d373cd1d6b589c8ea", "status": "affected", "versionType": "git"}, {"version": "041e2f945f82fdbd6fff577b79c33469430297aa", "lessThan": "33670f780e0120c3dacda188c512bbffe0b6044c", "status": "affected", "versionType": "git"}, {"version": "864e3396976ef41de6cc7bc366276bf4e084fff2", "lessThan": "a98b78116a27e2a57b696b569b2cb431c95cf9b6", "status": "affected", "versionType": "git"}, {"version": "864e3396976ef41de6cc7bc366276bf4e084fff2", "lessThan": "732fdeb2987c94b439d51f5cb9addddc2fc48c42", "status": "affected", "versionType": "git"}, {"version": "864e3396976ef41de6cc7bc366276bf4e084fff2", "lessThan": "c4336a07eb6b2526dc2b62928b5104b41a7f81f5", "status": "affected", "versionType": "git"}, {"version": "794ddbb7b63b6828c75967b9bcd43b086716e7a1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/dev.c"], "versions": [{"version": "6.17", "status": "affected"}, {"version": "0", "lessThan": "6.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.168", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.134", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.81", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.22", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.12", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.149", "versionEndExcluding": "6.1.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.103", "versionEndExcluding": "6.6.134"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.44", "versionEndExcluding": "6.12.81"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.18.22"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.19.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "7.0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2094a7cf91b71367b649f991aacc7b579f793d0b"}, {"url": "https://git.kernel.org/stable/c/ed71cf465c75f5688b07a35d373cd1d6b589c8ea"}, {"url": "https://git.kernel.org/stable/c/33670f780e0120c3dacda188c512bbffe0b6044c"}, {"url": "https://git.kernel.org/stable/c/a98b78116a27e2a57b696b569b2cb431c95cf9b6"}, {"url": "https://git.kernel.org/stable/c/732fdeb2987c94b439d51f5cb9addddc2fc48c42"}, {"url": "https://git.kernel.org/stable/c/c4336a07eb6b2526dc2b62928b5104b41a7f81f5"}], "title": "net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: correctly handle tunneled traffic on IPV6_CSUM GSO fallback\n\nNETIF_F_IPV6_CSUM only advertises support for checksum offload of\npackets without IPv6 extension headers. Packets with extension\nheaders must fall back onto software checksumming. Since TSO\ndepends on checksum offload, those must revert to GSO.\n\nThe below commit introduces that fallback. It always checks\nnetwork header length. For tunneled packets, the inner header length\nmust be checked instead. Extend the check accordingly.\n\nA special case is tunneled packets without inner IP protocol. Such as\nRFC 6951 SCTP in UDP. Those are not standard IPv6 followed by\ntransport header either, so also must revert to the software GSO path."}], "id": "CVE-2026-43057", "lastModified": "2026-05-01T15:24:14.893", "metrics": {}, "published": "2026-05-01T15:16:52.260", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2094a7cf91b71367b649f991aacc7b579f793d0b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/33670f780e0120c3dacda188c512bbffe0b6044c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/732fdeb2987c94b439d51f5cb9addddc2fc48c42"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a98b78116a27e2a57b696b569b2cb431c95cf9b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c4336a07eb6b2526dc2b62928b5104b41a7f81f5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ed71cf465c75f5688b07a35d373cd1d6b589c8ea"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{}