Skip to main content

Linux Kernel CVE-2026-45952

| EUVDEUVD-2026-32236 MEDIUM
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-923f-7rfg-vm36
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access and CAP_NET_ADMIN (PR:L) required to change MTU; impact is purely availability-only with no confidentiality or integrity effects.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 03:44 vuln.today
CVSS changed
Jun 16, 2026 - 01:37 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

eth: fbnic: Add validation for MTU changes

Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all multi-frag frames. While we can't prevent a remote sender from sending non-TCP packets larger than the MTU, this will prevent users from inadvertently breaking new TCP streams.

Traditionally, drivers supported XDP with MTU less than 4Kb (packet per page). Fbnic currently prevents attaching XDP when MTU is too high. But it does not prevent increasing MTU after XDP is attached.

AnalysisAI

Missing MTU validation in the Linux kernel fbnic Ethernet driver allows a local low-privileged user to trigger a denial of service by increasing the interface MTU after an XDP program is already attached. Increasing the MTU beyond the HDS (Header Data Split) threshold causes the fbnic hardware to fragment packets across multiple buffers; since single-buffer XDP programs cannot process multi-fragment frames, the driver silently drops them - breaking new TCP streams and discarding oversized non-TCP traffic. No public exploit exists and EPSS is 0.02% (4th percentile), placing this firmly in the low-priority tier despite its High availability rating; patches are confirmed available in Linux 6.18.14, 6.19.4, and 7.0.

Technical ContextAI

The fbnic driver supports Facebook's NIC hardware and implements XDP (eXpress Data Path), the Linux in-kernel high-performance packet processing framework. Traditional XDP programs operate under a strict single-buffer (packet-per-page) constraint, requiring that entire frames fit within one memory page. The driver's HDS (Header Data Split) feature splits incoming packets across multiple buffers when the MTU exceeds a certain threshold. The driver already enforces a guard preventing XDP attachment when the MTU is too high, but the inverse check - preventing MTU increases after XDP is attached - was absent. CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* encompasses all affected kernel versions from the introduction of fbnic XDP support (commit 1b0a3950dbd4fa278dc33401a4faba2a23307a16). No formal CWE is assigned, but the root cause maps conceptually to CWE-754 (Improper Check for Unusual or Exceptional Conditions) - specifically a missing state-consistency validation when a configuration parameter changes after a dependent feature is enabled. The 'Information Disclosure' tag applied by threat intelligence sources appears erroneous; the actual impact is exclusively availability.

RemediationAI

Upgrade to a patched Linux kernel release: 6.18.14 (stable), 6.19.4 (stable), or Linux 7.0 (mainline). The upstream fix commits are available at https://git.kernel.org/stable/c/03399063aa0c67fd8bdfd69467ddb849bb3b97df, https://git.kernel.org/stable/c/ccd8e87748ad083047d6c8544c5809b7f96cc8df, and https://git.kernel.org/stable/c/d7eaa006c0444a5d4671be7efe6dbb33ef8b515e. Prior to patching, restrict CAP_NET_ADMIN capability on hosts running fbnic with XDP attached - for example, by tightening network namespace permissions or using seccomp/LSM policies to block NETLINK RTM_SETLINK commands from non-root users; note this may impact legitimate network management tooling. Alternatively, establish an operational procedure to detach XDP programs before allowing any MTU changes, then reattach afterward - this eliminates the race but adds operational overhead. NVD advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-45952.

Vendor StatusVendor

SUSE

Severity: Important
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-45952 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy