CVE-2026-43036

gsofeaturescheck() reads iph->fragoff to decide whether to clear mangleidfeatures. Accessing the IPv4 header via iphdr()/inneriphdr() can rely on skb header offsets that are not always safe for direct dereference on packets injected from PFPACKET paths.

Use skbheaderpointer() for the TCPv4 frag_off check so the header read is robust whether data is already linear or needs copying.

[1] https://syzkaller.appspot.com/bug?extid=1543a7d954d9c6d00407

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43036.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

cbc53e08a793b073e79f42ca33f1f3568703540d

Fixed

f7a6cd508e9e825a2c69fa9e13d41ee156852f25

Fixed

cc91202fc20a44aab4c206f12a2bfe05da936051

Fixed

d970341cfa5594614c7a6634886c7688b4f5cafd

Fixed

ddc748a391dd8642ba6b2e4fe22e7f2ddf84b7f0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43036.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.7.0

Fixed

6.12.81

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.22

Type: ECOSYSTEM
Events: Introduced

6.19.0

Fixed

6.19.12

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43036.json"