GHSA-5QWX-4Q7J-HWM2

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-06-25 09:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netlabel: validate unlabeled address and mask attribute lengths

netlbl_unlabel_addrinfo_get() used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independently validate the corresponding mask attribute length. A crafted Generic Netlink request could therefore provide a valid IPv4/IPv6 address attribute with a shorter mask attribute, which would later be read as a full struct in_addr or struct in6_addr.

NLA_BINARY policy lengths are maximum lengths by default, so use NLA_POLICY_EXACT_LEN() for the unlabeled IPv4/IPv6 address and mask attributes. This rejects short attributes during policy validation and also exposes the exact length requirements through policy introspection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53238"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:41Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlabel: validate unlabeled address and mask attribute lengths\n\nnetlbl_unlabel_addrinfo_get() used the address attribute length to\ndetermine whether the attribute data could be read as an IPv4 or IPv6\naddress, but did not independently validate the corresponding mask\nattribute length.  A crafted Generic Netlink request could therefore\nprovide a valid IPv4/IPv6 address attribute with a shorter mask\nattribute, which would later be read as a full struct in_addr or\nstruct in6_addr.\n\nNLA_BINARY policy lengths are maximum lengths by default, so use\nNLA_POLICY_EXACT_LEN() for the unlabeled IPv4/IPv6 address and mask\nattributes.  This rejects short attributes during policy validation and\nalso exposes the exact length requirements through policy introspection.",
  "id": "GHSA-5qwx-4q7j-hwm2",
  "modified": "2026-06-25T09:31:22Z",
  "published": "2026-06-25T09:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53238"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07a18f5c90dd3d586b73242f5a5bbf0a72f2fdc6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c4bb32ad7fdc2dc6a8050f41eb04d4bda56b6c8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/672f0f3b8f875ffe6525a37847eafa7648c4c0c6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/71c52da13c3737493b42d20d9f33de34e03b3156"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95bda3eac0b1454c2cee98d58d9ba6dd8391e843"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/975a84fd741440853380d37465b6e226cf47254c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9772589b57e44aedc240211c5c3f7a684a034d3a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ccfe292a966079c61ea68a2da303b2a336170993"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…