HIGH · CVE-2026-22988 · CNA: Linux

CVE-2026-22988: arp: do not assume dev_hard_header() does not change skb->head

In the Linux kernel, the following vulnerability has been resolved:

arp: do not assume dev_hard_header() does not change skb->head

arp_create() is the only dev_hard_header() caller making assumption about skb->head being unchanged. A recent commit broke this assumption.

Initialize @arp pointer after dev_hard_header() call.

Metrics

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: 029935507d0af6553c45380fbf6feecf756fd226
Affected Products: 2

Fix available

029935507d0af6553c45380fbf6feecf756fd226 · 393525dee5c39acff8d6705275d7fcaabcfb7f0a · 6.1.161 · 6.6.121 · 6.12.66 · 6.18.6 · 70bddc16491ef4681f3569b3a2c80309a3edcdd1 · 949647e7771a4a01963fe953a96d81fba7acecf3 · c92510f5e3f82ba11c95991824a41e59a9c5ed81 · dd6ccec088adff4bdf33e2b2dd102df20a7128fa · e432dbff342b95fe44645f9a90fcf333c80f4b5e

Affected packages
  • Linux / Linux
    < e432dbff342b95fe44645f9a90fcf333c80f4b5e (from 17e7386234f740f3e7d5e58a47b5847ea34c3bc2) · < 393525dee5c39acff8d6705275d7fcaabcfb7f0a (from 41a1a3140aff295dee8063906f70a514548105e8) · < 70bddc16491ef4681f3569b3a2c80309a3edcdd1 (from adee129db814474f2f81207bd182bf343832a52e) · < 029935507d0af6553c45380fbf6feecf756fd226 (from 1717357007db150c2d703f13f5695460e960f26c) · < dd6ccec088adff4bdf33e2b2dd102df20a7128fa (from 5fe210533e3459197eabfdbf97327dacbdc04d60) · < 949647e7771a4a01963fe953a96d81fba7acecf3 (from 91a2b25be07ce1a7549ceebbe82017551d2eec92)
  • Linux / Linux
    < 6.1.161 (from 6.1.160) · < 6.6.121 (from 6.6.120) · < 6.12.66 (from 6.12.64) · < 6.18.6 (from 6.18.4)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H