In the Linux kernel, the following vulnerability has been resolved:
netfilter: require Ethernet MAC header before using eth_hdr()
ip6t_eui64, xt_mac, the bitmap:ip,mac, hash:ip,mac, and
hash:mac ipset types, and nf_log_syslog access eth_hdr(skb)
after either assuming that the skb is associated with an Ethernet
device or checking only that the ETH_HLEN bytes at
skb_mac_header(skb) lie between skb->head and skb->data.
Make these paths first verify that the skb is associated with an
Ethernet device, that the MAC header was set, and that it spans at
least a full Ethernet header before accessing eth_hdr(skb).
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53131.json",
"cna_assigner": "Linux"
}