In the Linux kernel, the following vulnerability has been resolved:
tcp: restrict SOATTACHFILTER to priv users
This patch restricts the use of SOATTACHFILTER (cBPF) on TCP sockets to users with CAPNETADMIN capability.
This blocks potential side-channel attack where an unprivileged application attaches a filter to leak TCP sequence/acknowledgment numbers.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53236.json",
"cna_assigner": "Linux"
}