1. Home
  2. Vulnerabilities
  3. CVE-2026-23154
5.5
MEDIUM CVSS 3.1
CVE-2026-23154
net: fix segmentation of forwarding fraglist GRO
Overview
Description

In the Linux kernel, the following vulnerability has been resolved: net: fix segmentation of forwarding fraglist GRO This patch enhances GSO segment handling by properly checking the SKB_GSO_DODGY flag for frag_list GSO packets, addressing low throughput issues observed when a station accesses IPv4 servers via hotspots with an IPv6-only upstream interface. Specifically, it fixes a bug in GSO segmentation when forwarding GRO packets containing a frag_list. The function skb_segment_list cannot correctly process GRO skbs that have been converted by XLAT, since XLAT only translates the header of the head skb. Consequently, skbs in the frag_list may remain untranslated, resulting in protocol inconsistencies and reduced throughput. To address this, the patch explicitly sets the SKB_GSO_DODGY flag for GSO packets in XLAT's IPv4/IPv6 protocol translation helpers (bpf_skb_proto_4_to_6 and bpf_skb_proto_6_to_4). This marks GSO packets as potentially modified after protocol translation. As a result, GSO segmentation will avoid using skb_segment_list and instead falls back to skb_segment for packets with the SKB_GSO_DODGY flag. This ensures that only safe and fully translated frag_list packets are processed by skb_segment_list, resolving protocol inconsistencies and improving throughput when forwarding GRO packets converted by XLAT.

Details
INFO

Published Date :

Feb. 14, 2026, 4:15 p.m.

Last Modified :

March 25, 2026, 11:16 a.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Impact
Affected Products

The following products are affected by CVE-2026-23154 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
Scoring
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM [email protected]
Solution
Update the Linux kernel to fix GRO packet segmentation issues for improved throughput.
  • Apply the kernel patch for net: fix segmentation of forwarding fraglist GRO.
  • Ensure SKB_GSO_DODGY flag is set correctly for XLAT translations.
  • Verify proper GSO segmentation after applying the fix.
  • Test throughput with IPv4 servers via IPv6-only upstream.
References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-23154.

URL Resource
https://git.kernel.org/stable/c/2cbef9ea5a0ac51863ede35c45f26931a85d3888
https://git.kernel.org/stable/c/3d48d59235c494d34e32052f768393111c0806ef Patch
https://git.kernel.org/stable/c/3e62db1e3140449608975e29e0979cc5f3b1cc07 Patch
https://git.kernel.org/stable/c/426ca15c7f6cb6562a081341ca88893a50c59fa2 Patch
https://git.kernel.org/stable/c/9122d7280b2303e835cdfec156bd932ac1f586ed
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-23154 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-23154 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-23154 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-23154 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 25, 2026

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/2cbef9ea5a0ac51863ede35c45f26931a85d3888
    Added Reference https://git.kernel.org/stable/c/9122d7280b2303e835cdfec156bd932ac1f586ed
  • Initial Analysis by [email protected]

    Mar. 18, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.18.9 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.6 up to (excluding) 6.12.69
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/3d48d59235c494d34e32052f768393111c0806ef Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/3e62db1e3140449608975e29e0979cc5f3b1cc07 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/426ca15c7f6cb6562a081341ca88893a50c59fa2 Types: Patch
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Feb. 14, 2026

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: net: fix segmentation of forwarding fraglist GRO This patch enhances GSO segment handling by properly checking the SKB_GSO_DODGY flag for frag_list GSO packets, addressing low throughput issues observed when a station accesses IPv4 servers via hotspots with an IPv6-only upstream interface. Specifically, it fixes a bug in GSO segmentation when forwarding GRO packets containing a frag_list. The function skb_segment_list cannot correctly process GRO skbs that have been converted by XLAT, since XLAT only translates the header of the head skb. Consequently, skbs in the frag_list may remain untranslated, resulting in protocol inconsistencies and reduced throughput. To address this, the patch explicitly sets the SKB_GSO_DODGY flag for GSO packets in XLAT's IPv4/IPv6 protocol translation helpers (bpf_skb_proto_4_to_6 and bpf_skb_proto_6_to_4). This marks GSO packets as potentially modified after protocol translation. As a result, GSO segmentation will avoid using skb_segment_list and instead falls back to skb_segment for packets with the SKB_GSO_DODGY flag. This ensures that only safe and fully translated frag_list packets are processed by skb_segment_list, resolving protocol inconsistencies and improving throughput when forwarding GRO packets converted by XLAT.
    Added Reference https://git.kernel.org/stable/c/3d48d59235c494d34e32052f768393111c0806ef
    Added Reference https://git.kernel.org/stable/c/3e62db1e3140449608975e29e0979cc5f3b1cc07
    Added Reference https://git.kernel.org/stable/c/426ca15c7f6cb6562a081341ca88893a50c59fa2
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
Base CVSS Score: 5.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact