In the Linux kernel, the following vulnerability has been resolved:
net: pull headers in qdiscpktlensegsinit()
Most ndostartxmit() methods expects headers of gso packets to be already in skb->head.
net/core/tso.c users are particularly at risk, because tsobuildhdr() does a memcpy(hdr, skb->data, hdr_len);
qdiscpktlensegsinit() already does a dissection of gso packets.
Use pskbmaypull() instead of skbheaderpointer() to make sure drivers do not have to reimplement this.
Some malicious packets could be fed, detect them so that we can drop them sooner with a new SKBDROPREASONSKBBADGSO dropreason.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53091.json",
"cna_assigner": "Linux"
}