In the Linux kernel, the following vulnerability has been resolved: ipv4: account for fraggap on the paged allocation path In __ip_append_data(),… (CVE-2026-53366)
In the Linux kernel, the following vulnerability has been resolved: ipv4: account for fraggap on the paged allocation path In __ip_append_data(), when the paged-allocation branch is taken, alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen; pagedlen = datalen - transhdrlen; datalen already includes fraggap, but the fraggap bytes carried over from the previous skb are copied into the new skb's linear area at offset transhdrlen by the subsequent skb_copy_and_csum_bits(). The linear area is therefore undersized by fraggap bytes while pagedlen is overstated by the same amount. The non-paged branch sets alloclen to fraglen, which already accounts for fraggap because datalen does. Bring the paged branch in line by adding fraggap to alloclen and subtracting it from pagedlen. After this adjustment, copy no longer collapses to -fraggap on the paged path, so remove the stale comment describing that old arithmetic.
AI Analysis
Technical Summary
The vulnerability in the Linux kernel's IPv4 code occurs in the __ip_append_data() function when processing fragmented packets using the paged allocation path. The calculations for alloclen and pagedlen did not correctly account for fraggap bytes carried over from previous skb buffers, resulting in an undersized linear area and overstated paged length. The fix aligns the paged allocation branch with the non-paged branch by adjusting alloclen and pagedlen to properly include fraggap, preventing incorrect memory handling during packet reassembly.
Potential Impact
The vulnerability could cause improper memory allocation and handling during IPv4 packet fragmentation reassembly, potentially leading to memory corruption or instability in the kernel's network stack. No known exploits in the wild have been reported. The exact impact severity is not quantified by CVSS data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since this is a Linux kernel vulnerability, monitor official Linux kernel security advisories for patches addressing CVE-2026-53366 and apply updates accordingly.
In the Linux kernel, the following vulnerability has been resolved: ipv4: account for fraggap on the paged allocation path In __ip_append_data(),… (CVE-2026-53366)
Description
In the Linux kernel, the following vulnerability has been resolved: ipv4: account for fraggap on the paged allocation path In __ip_append_data(), when the paged-allocation branch is taken, alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen; pagedlen = datalen - transhdrlen; datalen already includes fraggap, but the fraggap bytes carried over from the previous skb are copied into the new skb's linear area at offset transhdrlen by the subsequent skb_copy_and_csum_bits(). The linear area is therefore undersized by fraggap bytes while pagedlen is overstated by the same amount. The non-paged branch sets alloclen to fraglen, which already accounts for fraggap because datalen does. Bring the paged branch in line by adding fraggap to alloclen and subtracting it from pagedlen. After this adjustment, copy no longer collapses to -fraggap on the paged path, so remove the stale comment describing that old arithmetic.
CVSS v3.1
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in the Linux kernel's IPv4 code occurs in the __ip_append_data() function when processing fragmented packets using the paged allocation path. The calculations for alloclen and pagedlen did not correctly account for fraggap bytes carried over from previous skb buffers, resulting in an undersized linear area and overstated paged length. The fix aligns the paged allocation branch with the non-paged branch by adjusting alloclen and pagedlen to properly include fraggap, preventing incorrect memory handling during packet reassembly.
Potential Impact
The vulnerability could cause improper memory allocation and handling during IPv4 packet fragmentation reassembly, potentially leading to memory corruption or instability in the kernel's network stack. No known exploits in the wild have been reported. The exact impact severity is not quantified by CVSS data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since this is a Linux kernel vulnerability, monitor official Linux kernel security advisories for patches addressing CVE-2026-53366 and apply updates accordingly.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-r67c-r6r6-mj6m
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-53366"]
- Ecosystems
- []
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a58b3f568715ace43d65e72
Added to database: 07/16/2026, 10:35:33 UTC
Last enriched: 07/16/2026, 10:43:40 UTC
Last updated: 07/19/2026, 07:06:26 UTC
Views: 21
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.